
58% of Employees Ignore Cyber Security Guidelines

An estimated 58% of employees ignore cyber security guidelines, while 39% of employees admit they are unlikely to report a security incident in the workplace.

Ellie Gillard
Sep 1, 2022 5 min read

Cyber attacks are on the rise, with a staggering 75% of organisations falling victim to attacks or breaches in the last 12 months. It’s estimated that organisation-targeting cyber attacks cost the UK economy £10 billion annually, and this figure is surging.

In addition, 60% of small businesses collapse within six months following a cyber attack.

The continuous development of technology has left businesses of all sizes and backgrounds vulnerable to cyber-attacks. As intimidating as this can feel, there are many ways to protect your company from cyber-attacks, with cyber security awareness at the forefront.

TryHackMe offers a wealth of learning pathways tailored to the complete cyber security beginner, through to professionals in offensive and defensive fields looking to continuously upskill on new threats and developments.

Why is Cyber Security Important In The Workplace?

Workplace human error is usually a result of improper training and a lack of cyber awareness across teams, which can lead to security breaches through common mistakes in the workforce.

As human error contributes to 95% of successful security breaches, training your employees and introducing cyber security measures should be a key component of your cyber security strategy.

As new strains of malware and various threat actors grow and evolve, businesses need to ensure the implementation of appropriate workplace security measures, educating employees and eliminating weaknesses.

Creating a culture around cyber security awareness in the workplace doesn’t entirely eradicate the risk of attacks, but awareness, cyber skills, and early intervention can significantly reduce breach likelihood and repercussions.

How to Implement Cyber Security For Your Business

Cyber Training

When creating a cyber secure culture in the workplace, cyber security awareness is vital. Your cyber security is only as strong as your weakest employee, with most breaches attributable to human negligence and lack of cyber security awareness.

Employees play an essential role in maintaining the company’s cyber security, despite 30% of employees believing otherwise. In conjunction with this, one in three (29%) admit to taking data with them after leaving a company.

In the same study, a shocking 39% of employees admit they are unlikely to report a security incident, highlighting the need to create a culture of openness to empower employees to report suspicious activity.

In addition to these figures, an estimated 58% of employees ignore cyber security guidelines.

To varying degrees, all staff with access to data, networks and applications should be aware of risks and mitigation methods. Continuously upskilling your cyber security teams and providing cyber security awareness training for employees helps to amp up business defences for heightened protection.

Password Security

Ensuring secure passwords and multi-factor authentication across your business is a core element of cyber security. With that in mind, only 26% of companies use multi-factor authentication to secure their accounts.

In a recent study, it was found that 44 million users were reusing passwords across accounts, with 45% of employees admitting to reusing the password of their business accounts on other services.

As part of an employee password policy in accordance with password best practices, users should adopt unique and complex passwords that are not repeatedly used, combining uppercase, lowercase, numbers and symbols. Along with a strong password policy, passwords should be updated regularly, with multi-factor authentication enabled to increase confidence that your organisation will stay safe from cyber criminals.

Data Backups

Ransomware, malware that encrypts files, is estimated to be a factor in 10% of all breaches and is predicted to become the most dominant cyber threat to businesses. In the event of a ransomware attack, having a recent backup of your data will help you recover quickly.

Back up your data to an external hard drive, a cloud backup service, or another secure location that’s not connected to your network or easily accessible to attackers on your network.

With secure data backups, you’ll be able to restore your files from the latest backup to minimise business disruption.

Regularly Update Software

Software updates contain new features, performance improvements, bug fixes and security patches that prevent known vulnerabilities from being exploited.

As delaying software updates can leave you open to malware and vulnerabilities through security loopholes, you should apply updates to all apps and software as soon as they are available. Alternatively, automatic software updates should be used when possible.

The most recurrent reason for delaying software updates is the interruption of plans and routines, with update reminders seemingly popping up at the worst of times. 57% of cyber attack victims admit that installing an available patch could have prevented breaches from taking place.

Monitor Threats and Anomalies

Firewalls, web gateways, and intrusion prevention tools can provide adequate protection. However, it is equally essential to use detection methods as cyber attackers can bypass defence systems.

Network admins have a critical role in identifying and reacting to changing operational conditions to prevent or disrupt cyber attacks. Alongside existing methods to detect and prevent cyber security threats, organisations can adopt automation through artificial intelligence and anomaly detection.

Anomaly detection identifies events or observations that deviate from standard behaviours or patterns. In cyber security, these anomalies can indicate a cyber attack, security errors, structural defects and even fraudulent attempts.
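As an added illustration that is not part of the original article, the sketch below scores each account's hourly failed-login count against that account's own baseline using a median/MAD modified z-score, so a normally silent account is flagged at a count that a fixed global threshold would ignore. The account names, counts, window size and thresholds are all constructed assumptions.

```python
from statistics import median

# Constructed sample data: failed logins per hour for two accounts.
# The first 12 values form the baseline window; the last 4 are scored.
FAILED_LOGINS = {
    "alice": [1, 0, 2, 1, 0, 1, 3, 1, 0, 2, 1, 1, 2, 1, 40, 1],
    "svc-backup": [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 8],
}
BASELINE_HOURS = 12   # assumed history window
THRESHOLD = 6.0       # assumed modified z-score at which an hour is flagged
MIN_SPREAD = 1.0      # floor so a perfectly flat baseline does not divide by zero


def robust_score(value, baseline):
    """Distance from the baseline median in units of scaled MAD."""
    med = median(baseline)
    mad = median(abs(x - med) for x in baseline)
    # 1.4826 scales MAD to be comparable to a standard deviation.
    spread = max(1.4826 * mad, MIN_SPREAD)
    return (value - med) / spread


def find_anomalies(series_by_account, baseline_hours=BASELINE_HOURS,
                   threshold=THRESHOLD):
    """Return (account, hour_index, count, score) for hours far above baseline."""
    findings = []
    for account, counts in series_by_account.items():
        baseline = counts[:baseline_hours]
        if len(baseline) < baseline_hours:
            continue  # not enough history to define "normal" for this account
        scored = enumerate(counts[baseline_hours:], start=baseline_hours)
        for hour, count in scored:
            score = robust_score(count, baseline)
            if score >= threshold:
                findings.append((account, hour, count, round(score, 1)))
    return findings


if __name__ == "__main__":
    for account, hour, count, score in find_anomalies(FAILED_LOGINS):
        print(f"{account}: hour {hour} had {count} failed logins (score {score})")
```

Median and MAD are used instead of mean and standard deviation so that a single earlier spike inside the baseline window does not inflate what counts as normal.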

Fundamental Security Measures

Anti-virus (AV) software and firewalls are two prevalent solutions for protecting against malicious attacks.

Anti-virus software for business detects and removes malware and other malicious threats from a device. Using business anti-virus has become essential for any company, regardless of its scale.

Often seen as the first line of defence, firewalls prevent unauthorised access into or out of a computer network and determine what traffic is allowed to enter your device. Firewalls for business are critical in detecting Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks that aim to disrupt the normal traffic of a targeted server.

Strengthen Your Cyber Security

Introducing employee cyber awareness training can open the door to a secure cyber culture in the workplace, perfect for the entirety of your team.

TryHackMe has a plethora of labs and training for beginners just starting out in cyber security, through to labs suited to experts in the field looking to upskill and stay on top of threats and evolutions.

Our training pathways explore high-level offensive and defensive content and allow cyber security teams to stay on top of new threats and advances in the industry. This keeps the company safe and structures training in an easily-trackable, efficient, and engaging way.
