
Half of employees knowingly share risky social media posts

"The last line of defence isn’t a firewall or a password, it’s a person," said Skillscast's Vivek Dodd

Half (49%) of employees knowingly post messages on social media that could expose their employers to reputational or financial damage, according to research by security firm CyberArk.

Almost three quarters (73%) of workers admitted to having fallen victim to a cyber attack, the research also highlighted. Findings were published on 30 April.

Research findings also revealed that 80% of UK workers access workplace applications on personal devices that don’t have security controls. Half (49%) of workers reported using the same login credentials for multiple work applications.

Tracking the social media use of every employee is almost impossible, stressed David Higgins, CyberArk's senior director of field technology. 

Speaking to HR magazine, he said: "Large public companies may monitor what key employees share, to protect against things like insider trading; ensuring financial information isn’t disclosed before it’s been made public. You might also see businesses applying tighter web monitoring on corporate-issued laptops. But realistically, trying to track every social media platform across all of an employee’s devices is an almost impossible task, and certainly not scalable for most organisations.

“Instead, a more effective approach for many businesses is to focus on clear user education and enforceable policy standards. Creating a culture of awareness and responsibility is key.”




Higgins added that employees must be aware of why cyber hygiene matters. He said: "To be truly effective, security needs to be embedded in the company’s culture. No one really complains about security guards at the door, turnstiles at the office entrance or CCTV in the car park, because they understand the protection they provide.

“The same logic needs to apply to IT security. HR and security leaders should work hand-in-hand, so that employees view cybersecurity controls as something that protects not just the business, but them also.”

Researchers at CyberArk found that only a quarter (25%) of UK employees worry about their work account being compromised, even though 30% have already experienced a work-related cyber attack.

Almost three quarters (73%) of workers reported being worried about the security of credit card details saved online, and about experiencing financial fraud as a result.




HR leaders must rethink how they are teaching employees to be cyber-secure, said Vivek Dodd, CEO of training and skills provider Skillscast. 

Dodd told HR magazine: “The last line of defence in any cybersecurity system isn’t a firewall or a password, it’s a person. Today, every employee is a potential gatekeeper or risk to your organisation's digital defences. One wrong click can plunge a business into chaos.

“HR leaders have a pivotal role to play. This starts with training that isn’t passively delivered, but absorbed. We need to stop expecting employees to sit through hour-long presentations and start thinking in terms of how social media and short-form video has changed the way we consume and digest information. Attention spans are shorter, time is more precious, and inboxes are noisier than ever. Short, sharp, mobile-friendly, digestible learning must be delivered regularly and reinforced continuously, not just once a year.

“Most importantly, education must be accessible to all, especially those on the frontline: customer service reps, and IT teams. These people are your first responders when breaches happen. If you invest in their preparedness, you’re investing in your resilience.”

CyberArk commissioned Censuswide to survey 2,000 UK workers between 23 and 28 January 2025.