Bad employee cybersecurity habits are leaving businesses at risk 

Bad employee cybersecurity habits are leaving businesses at risk 

Superscript has found that complacent attitudes among employees towards cybersecurity is putting UK businesses more at risk. In a survey of 1,500 UK employees, 40% feel that upholding cybersecurity best practice is not their responsibility. 

Alarmingly, over a third (34%) claimed to be unaware of what preventative measures their company has in place to prevent such an attack, despite 53% claiming they rely on the systems their employers have in place to keep them safe. 

Just under a half (45%) stated they felt unconcerned about a cyberattack as their employers should ensure they haveinsurance in place to cover any related losses. These findings emphasise the complacent attitudes employees have towards their role in keeping the workplace safe.  

“A digital presence is a necessity for all modern businesses,” said Cameron Shearer, Co-Founder & CEO at Superscript. “This opens up new risks and with the widespread adoption of hybrid working cyberattacks are sadly becoming more prevalent. It is important that businesses approach protection with a full 360° view. As a first step, businesses should be educating employees about the collective responsibility to cybersecurity and instil good habits. This is just as important as ensuring they have protective systems in place in case they are attacked and insurance in place in case of a successful attack.” 

Even with the adoption of more advanced cybersecurity measures including Biometric, Multi-Factor and Computer Recognition Authentication, one in five (21%) still believe passwords to be the most secure measure while more than a quarter (29%) prefer passwords due to their ease of use. In fact, as many as 40% viewed Multi-Factor Authentication as an inconvenience. 

This preference for convenience might explain common bad password habits identified by this study: 

  • Just 34% have changed secure and ‘strong’ workplace passwords to a weaker but more memorable one that does not meet best practice 
  • Only 31% have shared their workplace passwords with colleagues and people outside of work 
  • Under one-third (30%) only use two-three different passwords at work  
  • Over a tenth (15%) only use one password at work 
  • A total of 12% did not change their password when notified that it had been compromised 

“We have certainly seen an increased awareness among businesses, particularly SMEs, with regard to cybersecurity in the last couple of years,” added Jamie Akhtar, CEO and co-founder of CyberSmart. “While encouraging, the next step requires us to make the transition from knowing ‘what to do’ to ‘how to do it’ and getting those best practices embedded into company culture. Now more than ever, businesses need to take a holistic approach to cybersecurity. It is no longer enough to rely solely on basic password practices. Rather, businesses and their employees must take on board other measures from regular security awareness training and implementing MFA, to updating software as well as adopting cyberinsurance.” 

Browse our latest issue

Intelligent SME.tech

View Magazine Archive