KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, has released its latest UK Cybersecurity Practices at Work report on workplace cybersecurity behaviours. Based on a survey conducted by OnePoll with 2,000 UK participants who use computers for work, the report examines various aspects of cybersecurity awareness and behaviour in the workplace.

The findings revealed that many participants had not received training on several core cybersecurity best practices. Specifically, 48% have never been trained on creating strong passwords, and 51% have not received training on avoiding phishing scams. Alarmingly, almost one in five (18%) have never received any form of cybersecurity training from their companies.

Other cybersecurity practices that employees are yet to receive training on include:

  • Remote working best practices (60%)
  • What to do if your credentials have been breached (66%)
  • Social engineering (82%)
  • Deepfakes and AI (83%)
  • Bring your own device (84%)

“Making the UK a safer place to do business is a shared responsibility and if organisations are equipping employees with computers to do their jobs, they also should be empowering them with the tools and knowledge to use them securely,” said Javvad Malik, lead security awareness advocate at KnowBe4. “The technology landscape is changing all the time; therefore, not including training on new areas such as deepfakes and AI could be putting UK organisations at further risk of cybercrime.”

When it comes to following the cybersecurity advice provided by their organisations, nearly three-quarters said they always or often follow it. However, one in four workers sometimes, rarely or never follow cybersecurity advice. Several reasons contribute to employees not following cybersecurity advice, with 29% admitting they forget to adhere to the correct practices. Additionally, 22% find cybersecurity advice too complicated to follow, and a striking 14% believe it is not their responsibility to keep work systems safe.

Other notable stats include:

  • Only 42% of UK workers have read and signed their workplace’s cybersecurity policy
  • One-third of respondents admitted that they or a colleague have bypassed a cybersecurity prompt / best practice in order to get a job done quicker
  • More than one in four (27%) said they or a colleague have used an app not approved by their organisation to get a task done
  • Only 37% of UK workers responded that they strongly agreed with the statement “I know what my organisation expects from me when it comes to cybersecurity best practices at work, and I act accordingly”

“Adopting the core cybersecurity practices and providing thorough training to employees should be a priority for organisations to reduce the chance of breaches in the future,” Malik said. “Yet, if organisations aren’t getting the message through, it may be time for a new approach, since it is also clear that employees aren’t worried enough about the consequences of breaches and don’t seem to be taking the issue seriously. It is vital that employees are given useful, clear training to highlight the importance of using the correct behaviours when working in the office and from home.” 
