More Than 4 In 5 Workers Exhibit Poor Security Behaviours: KnowBe4 TAPPED Out Study


By Javvad Malik, Lead Security Awareness Advocate

In a recent study conducted by KnowBe4, a leading security awareness training and simulated phishing platform, it was found that a significant number of workers in the UK exhibit poor security behaviours. The report, called the TAPPED Out Report, offers valuable insights into the security attitudes and behaviours of over 6,000 workers across different work settings. The findings paint a concerning picture of the cybersecurity landscape and highlight the need for improved security awareness and training.

Key Findings

Factors Influencing Cybersecurity behaviour:
The study revealed that more than 4 in 5 workers in hybrid (82%), in-office (84%), and remote (85%) settings do not always make security-conscious choices. Interestingly, the survey found that certain times of the day influenced workers' attention to cybersecurity. Remote, hybrid, and in-office workers were more likely to make security-conscious decisions before lunch rather than after lunch.

“Not My Responsibility" Attitude
A concerning finding was the attitude among workers towards company cybersecurity. Around 1 in 5 full-time office workers (21%) did not feel responsible for their company's cybersecurity, compared to 1 in 7 remote or hybrid workers (14%). Despite some workers taking pride in their organisation's cybersecurity, their behaviours indicate a different story.

Issue of Multitasking
The study highlighted multitasking as a security issue. Almost half of hybrid workers (47%) and remote workers (44%) admitted to checking emails first thing in the morning while still half asleep. Approximately a fifth of hybrid (20%), in-office (20%), and remote (21%) workers confessed to responding to work emails while on the toilet. Remote and hybrid workers were also slightly more likely to respond to work emails when under the influence.

Impact of Distractions on Awareness
Distractions during work play a role in compromising security. Almost 2 in 5 workers (39%) who clicked on a link they shouldn't have were distracted at the time, and over a third (35%) said they were feeling stressed. Maintaining focus and mental clarity significantly reduces the chances of clicking on phishing emails or malicious attachments. Practising good cyber hygiene and exhibiting secure behaviours can help prevent security breaches and incidents.

Common Distractions
Each group of workers experienced different distractions during their regular workday. However, phone notifications and calls were unanimously identified as the biggest distractions for remote, hybrid, and in-office workers. Deliveries were more distracting for those working from home, with 28% of remote workers and 26% of hybrid workers reporting being distracted by deliveries, compared to 15% of full-time office workers.

Tips to Avoid Distractions and Mistakes
The study also provided some practical tips to help workers avoid distractions that can lead to detrimental mistakes:

  • Determine personal best practices for your workday.
  • Schedule time for emails instead of leaving the inbox open all the time.
  • Prioritise tasks/projects by writing them down.
  • Turn off mobile phone notifications.
  • Handle emails immediately rather than leaving them for later.

The findings emphasise the need for increased security awareness and training to mitigate the risks posed by distractions, multitasking, and a lack of responsibility towards company cybersecurity.

By implementing secure behaviours, fostering a strong security culture, and providing comprehensive security awareness training, organisations can empower their workforce to make better decisions and protect against potential cyber threats.

The full report can be found here

Sustaining Partners