UK workers knowingly put their employers at security risk every day

Cases such as a US software company mistakenly hiring a North Korean hacker and the recent breach affecting 63,000 workers at a major Telecoms provider emphasise the risk of insider threats. The UK has also faced similar challenges, such as the railway station WiFi attack that affected 19 major railway stations linked to a compromised third-party account. These incidents show how a single breached credential can jeopardise entire networks.

It's not that employees aren’t aware of the threat

The significant risk is evident – but are employees in the UK doing their part? New research by CyberArk, the leading Identity Security Company, suggests that while UK employees are aware of how their access can be exploited, they don’t prioritise this as a risk to be protected against.

Surveying 2000 UK office workers to understand their cybersecurity awareness, the study revealed that:

Almost half (44%) agree that correspondence over work platforms, including instant messaging applications and email, can be manipulated for malicious purposes

49% of UK workers also acknowledge that their personal messages to close friends and family on social media are exposing their employers to potential financial and reputational risks

They just continue to fear, and prioritise, other – less likely – dangers

Despite the above, and also the fact that a staggering 71% of UK workers admit to having fallen victim to a cyberattack, the focus from UK employees on what to fear most, and hence protect against, seems to be misplaced:

According to the survey 72% worry about the security of their credit card details being saved online and suffering financial fraud as a result, but only 16% have actually had money stolen from their bank.

At the same time, only 25% worry about their work account being compromised, despite the fact that almost double (30%) have already experienced a work related cyberattack (30%).

As a result, poor workplace hygiene continues to persist. 80% continue to access workplace applications – which often contain business-critical data – from personal devices that frequently lack adequate security controls, while 49% of employees also use the same login credentials for multiple work-related applications, and 36% use the same credentials for both personal and work applications.

“The research highlights an alarming disconnect between the kind of cyber threats UK workers want to protect against and the threats that they instead should be focusing on. While protecting against financial fraud or deepfakes are important, it’s weak or re-used passwords and the use of personal devices to access work related apps and information that cybercriminals are more interested in – as accessing corporate data is where the big money is”, says David Higgins, Senior Director Field Technology Office at CyberArk. “This threat is only set to worsen with the infiltration of AI tools into the workplace – tools that are also accessing critical tools and application. With the number of machines to human credentials standing at 100:1 in the UK workplace according to our research, surely making sure the ‘1’ is secure is a basic first step before adding another ‘100’. This can only be done through adaptable and intuitive solutions that don’t get in the way of the user experience and ensure robust identity security across workers – whether machine or human.”