GetApp surveyed just under 1,000 employees, exploring the seriousness with which UK firms take cybersecurity, and how they respond to security threats.
The report reveals that 17% of surveyed businesses have suffered an account takeover at the hands of a hacker in the last year.
22% of employees from GetApp’s survey either don’t have a company protocol in place to report a cyber-attack or wouldn’t know what to do if an attack were to happen. Meanwhile, 13% of companies don’t have a formal cybersecurity incident response plan in place.
This lack of preparedness is made worse by the fact that over one-third of employees (38%) use the same password for numerous accounts. Considering that 37% of those surveyed have access to all company data or more data than necessary to do their job, this could make employees vulnerable to potential data hacks. In the last year alone, 17% of respondents have suffered an account takeover, where a hacker gained access through a stolen username or password.
Despite this lack of preparedness for a potential cyber-attack, 77% of employees responding to the survey believe they have a good or very good awareness of cybersecurity risks and best practices. Moreover, 42% take steps to improve their own personal security on their work devices, including using a VPN, using multi-factor authentication and locking their screens when not in use.
46% of employees have at some point raised cybersecurity concerns with their company’s IT department, and the most common ways businesses responded to these concerns include:
Moreover, 70% of companies provide their employees with data privacy training, and 65% with cybersecurity coaching, whilst just under half receive training on onsite safety and building access. Over three-quarters of employees (76%) receive security training either once a year or once every six months.
Satisfaction regarding businesses’ approaches to cybersecurity is high, as 81% of all employees stated that they are very or quite confident that their company sees cybersecurity as a priority and takes it seriously.
However, according to employees, there is still work to be done. Associates believe management could better engage staff in cybersecurity efforts through education and training (57%), phishing simulations (46%), and better explanations of security guidelines (39%).
David Jani, Content Analyst at GetApp UK, commented: “Cybersecurity risks are a considerable danger to companies given the reputational and operational damage that can occur if they succeed. Being ready to respond to these threats either before or after they succeed can be vital.
“Many employees responding to our survey report a level of preparedness and awareness of cybersecurity measures in their workplace. However, there is still a notable proportion who say that their companies have no formal cybersecurity incident response plans at all or remain unaware of them. Time can be essential if ransomware or phishing attacks occur, and if employees are not familiar with procedures to respond to them quickly, these attacks are more likely to seriously impact companies.”
The data for GetApp’s 2023 Data Security Survey was collected between November 10th and 26th 2023 and comprises answers from 995 respondents. All respondents were UK residents, aged between 18 and 65 years old, full-time employees, and worked for a company which uses cybersecurity software tools for protection, and had some awareness of which tools are used.