New research highlights alarming gaps in cybersecurity reporting across the UK workforce, with senior-level staff most likely to underreport threats. A survey of over 2,000 UK workers, conducted by compliance training company Skillcast, indicates that a significant portion of the UK workforce is hesitant to report certain cybersecurity threats in a timely fashion, posing a serious security risk.
Key Findings
Nearly half (48%) of UK workers would not immediately report a phishing email, with 1 in 7 (13%) admitting they would not report it within the same working day. Just under 1 in 10 (7%) indicated they would never report a phishing email.
Two in five employees (41%) stated they would not immediately report a compromised work password. Similarly, around two in five (39%) would not immediately report a suspicious IP address accessing their work files. The most common reason for not immediately reporting cyberattacks was the belief that fellow colleagues would be capable of recognising cyberattacks.
Seniority-Based Trends
The survey shows that the likelihood of non-reporting increases with seniority. Senior-level employees are twice as likely not to report a phishing email, and three times more likely not to report a compromised password or suspicious IP address compared to entry-level staff.
Skillcast CEO, Vivek Dodd, comments on the results of this research: “These findings highlight a critical vulnerability in cybersecurity frameworks found in workplaces across the country. The reluctance to report potential threats, particularly among senior staff who often have access to sensitive information, could lead to significant security breaches.”
Vivek continues, “Equally, assuming that fellow colleagues are capable of recognising cyberattacks without proper training is a dangerous oversight. Not only does it leave businesses vulnerable to breaches, but it also undermines a collective responsibility for cybersecurity. In today’s digital landscape, every employee must be equipped with the knowledge and vigilance to identify potential threats, as the weakest link can compromise the entire system. Through dedicated cybersecurity training, businesses can ensure that every employee has the ability to recognise and report threats effectively.”