Employee naivety puts the onus on employers to educate their staff on cybersecurity

SME insurer Superscript has found that complacent attitudes among employees towards cybersecurity is putting UK businesses more at risk. In a survey of 1,500 UK employees, 40% feel that upholding cybersecurity best practice is not their responsibility.

Alarmingly, over a third (34%) claimed to be unaware of what preventative measures their company has in place to prevent such an attack, despite 53% claiming they rely on the systems their employers have in place to keep them safe.

45% stated they felt unconcerned about a cyber-attack as their employers should ensure they have insurance in place to cover any related losses. These findings emphasise the complacent attitudes employees have towards their role in keeping the workplace safe.

Cameron Shearer, Co-Founder & CEO at Superscript commented, “A digital presence is a necessity for all modern businesses. This opens up new risks, and with the widespread adoption of hybrid working cyber attacks are sadly becoming more prevalent. It is important that businesses approach protection with a full 360° view. As a first step, businesses should be educating employees about the collective responsibility to cybersecurity and instil good habits. This is just as important as ensuring they have protective systems in place in case they are attacked, and insurance in place in case of a successful attack.”

Even with the adoption of more advanced cybersecurity measures including biometric, multi-factor and computer recognition authentication, one in five (21%) still believe passwords to be the most secure measure while more than a quarter (29%) prefer passwords due to their ease of use. In fact, as many as 40% viewed multi-factor authentication as an inconvenience.

This preference for convenience might explain common bad password habits identified by this study:

• 34% have changed secure and ‘strong’ workplace passwords to a weaker but more memorable one that does not meet best practice i.e., not long, complex or include symbols
• 31% have shared their workplace passwords with colleagues and people outside of work
• 30% only use two-three different passwords at work
• 15% only use one password at work
• 12% did not change their password when notified that it had been compromised

Jamie Akhtar, CEO and co-founder of CyberSmart said, “We have certainly seen an increased awareness among businesses, particularly SMEs, with regard to cybersecurity in the last couple of years. While encouraging, the next step requires us to make the transition from knowing ‘what to do’ to ‘how to do it’ and getting those best practices embedded into company culture. 

Now more than ever, businesses need to take a holistic approach to cybersecurity. It is no longer enough to rely solely on basic password practices. Rather, businesses and their employees must take on board other measures from regular security awareness training and implementing MFA, to updating software as well as adopting cyber insurance.”

Employees had cited that virtual private network (VPN), antivirus software upgrades, multi-factor authentication, privacy screens, investment in cybersecurity training and cyber insurance upgrades had been introduced due to increased remote working*.

Promisingly, 56% of those surveyed felt confident they knew what steps to take in the event of a cyber-attack or breach on their computer whilst working remotely.

An understanding of the risks posed to businesses was also prevalent among employees**. When asked which common cybersecurity risks posed the most danger to their businesses, employees identified business interruption (49%), privacy liability (43%) and payment card data breaches (40%) as the top three threats.

Further insights from this finding including details of password selection habits, and the risks this poses can be found here at gosuperscript.com.