According to SME insurer Superscript, complacent attitudes amongst employees is putting UK businesses at risk.
A survey was undertaken of 1,500 UK employees where it was found that 40 per cent feel that upholding cybersecurity best practice is not their responsibility.
Despite 53 per cent of respondents stating that they rely on the measures put in place by their employers, 34 per cent are unaware of what these preventative measures consist of - whilst 45 per cent are unconcerned about a cyber-attack because they feel that their company should ensure that they have insurance to cover all eventualities.
Cameron Shearer - Co-Founder and CEO at Superscript - commented:
"A digital presence is a necessity for all modern businesses. This opens up new risks, and with the widespread adoption of hybrid working, cyber-attacks are sadly becoming more prevalent. It is important that businesses approach protection with a full 360° view. As a first step, businesses should be educating employees about the collective responsibility to cybersecurity and instil good habits. This is just as important as ensuring they have protective systems in place in case they are attacked, and insurance in place in case of a successful attack.”
Despite the adoption of more advanced cyber-security methods, 21 per cent of employees still believe passwords to be the most secure measure; 29 per cent prefer passwords due the ease of use and 40 per cent regarded multi-factor security as an inconvenience.
Common bad password habits identified by the study were found to be secure and strong workplace passwords changed to a weaker but more memorable one that does not meet best practice – by 34 per cent of workers; 31 per cent shared workplace passwords with colleagues and friends; use of only two or three different passwords at work by 30 per cent and use of only one password at work by 15 per cent of workers. In addition, 12 per cent admitted to not changing their password after being notified that it had been compromised.
Jamie Akhtar - CEO and Co-Founder of CyberSmart - said:
“We have certainly seen an increased awareness among businesses, particularly SMEs, with regard to cybersecurity in the last couple of years. While encouraging, the next step requires us to make the transition from knowing ‘what to do’ to ‘how to do it’ and getting those best practices embedded into company culture. Now more than ever, businesses need to take a holistic approach to cybersecurity. It is no longer enough to rely solely on basic password practices. Rather, businesses and their employees must take on board other measures from regular security awareness training and implementing MFA, to updating software as well as adopting cyber insurance.”