Office workers and CISOs really aren't on the same page when it comes to security


There appears to be a lack of cybersecurity awareness amongst many office workers, despite most believing that they have been adequately trained, new research has claimed.

A survey from Encore of 100 C-level executives, 100 Chief Information Security Officers (CISOs) and 500 office workers in the US and the UK found a significant security knowledge gap between IT teams and workers.

Among the more worrying findings, over half (57%) of staff failed to properly define what a phishing attack is, yet 90% of C-Suite executives believe they provide adequate cyber awareness training, and 80% of staff agree.

Bad practices

If this is the case, though, it seems none of that training has sunk in. Basic security practices are seemingly being ignored, as over a third of employees use the same password for both work and personal devices, and 37% use personal devices for work purposes.

Again, though, leaders appear blind to this fact. 71% of executives are confident that they deploy enough safeguards to secure their business, including from human error. 

21% aren't confident in their safeguards though, and 8% think that their workers pose no risk at all.

“Despite hundreds of reported breaches making the headlines each year – often featuring news of an exploited user account or an exposed password – it’s concerning that nearly a third of organizations have insufficient defenses around the workforce,” says Encore CTO Lior Arbel.

Arbel believes that firms treat cybersecurity training as a box-ticking exercise, and that as threats continue to evolve, keeping pace with adequate training is hard. 

"Business leaders trust that their staff are being well trained, and each individual trusts that their employers are providing them with all the knowledge and tools they need... however, a gap between perceptions and reality has formed – and it needs bridging immediately," Arbel concludes.

Other research has found similar failings among workers, such as how often they open malicious links in emails, unaware that these links are used in phishing attacks to elicit passwords and other credentials from businesses, or to otherwise infect the target system with malware.

Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.
