One third of UK workers believe only big businesses can get hit by hackers and small firms are not targets at all. This is despite the fact that SMEs offer rich pickings for cyber attackers. In addition, one in six UK workers take no responsibility for protecting their business from cyberattacks, saying it’s only IT/cyber security teams that are responsible for protecting their company.
New research from data security expert, Cohesity, released during Cyber Security Awareness Month, reveals the cyber security myths that people mistakenly believe. This lack of understanding amongst employees is opening the door to malicious players, leaving UK companies dangerously exposed to cyber threats which can bring their businesses to a grinding halt or even total destruction.
The top five myths that workers mistakenly believe are:
- Cyber security – that’s just for the IT crowd. 60% of employees think only IT or cyber security teams are responsible for protecting their company from cyberattacks. In reality, every employee plays a crucial role in keeping data safe.
- Ransomware steers clear of small businesses. A third (33%) think ransomware attackers only target big businesses. The truth? Companies of all sizes are at risk. In fact, small firms are often even more at risk, as they frequently lack the skills and technology found in larger companies.
- Wi-Fi wards off ransomware. Almost half of workers (44%) wrongly believe ransomware can’t spread through Wi-Fi – making it easier for attackers to catch people off guard.
- Pay hackers, lose twice: the data is still gone. 33% of employees believe that paying cyber criminals is the only way to reclaim company data after it’s stolen, despite the NCSC advising that organisations consider viable backups or decryption tools first.
- Macs, mobiles and USBs are immune. Over half of UK employees (58%) assume that Mac computers will keep them safe and can’t be used as an entry point for cyberattacks. This is followed by mobile phones (51%) and USB devices (39%). In fact, cyberattacks can be designed for any connected device.
Why understanding the risks matters
Olivier Savornin, GVP Europe at Cohesity, warns: “Despite cyberattacks being in the headlines day in, day out, there’s much to be done when it comes to educating employees about what good cyber hygiene looks like.”
“It doesn’t matter how advanced your cybersecurity solutions are if employees are unable to identify and escalate suspicious activity. Social engineering attacks specifically prey on human error, which means every employee is a potential target and a line of defence.
“Building true cyber resilience requires a three-pronged approach: robust technology, continuous employee training, and a culture that actively promotes vigilance at every level of the organisation. Without this, organisations remain dangerously exposed.”
Research methodology
Cohesity conducted research amongst full-time office workers to understand beliefs, knowledge, and behaviour when it comes to malicious cyberattacks, including ransomware. Research was conducted in partnership with OnePoll and surveyed 2,000 UK employees in June 2025.
To learn more, visit www.cohesity.com.
