New research highlights worrying gaps in cybersecurity reporting across the UK workforce, with senior-level staff three times less likely to report cybersecurity threats than their more junior colleagues.
A survey of over 2,000 people in the UK by compliance training company Skillcast, suggests that a significant portion of the UK workforce is hesitant to report certain cybersecurity threats in a timely fashion, posing a significant potential security risk.
Almost half (48%) of those surveyed said they would not immediately report receiving a phishing email, with one in seven (13%) admitting they would not report it within the same working day. A further 7% said that they would never bother to report a phishing email.
More alarmingly, four out of 10 employees (41%) said they would not immediately report a compromised work password. A similar proportion (39%) would not immediately report a suspicious IP address accessing their work files.
The most common reason for not immediately reporting cyberattacks was the belief that colleagues would be capable of recognising these attacks themselves.
Intriguingly, the survey also suggests that the likelihood of non-reporting increases with seniority. Senior-level employees are twice as likely not to report a phishing email, and three times more likely not to report a compromised password or suspicious IP address compared to entry-level staff.
“These findings highlight a critical vulnerability in cybersecurity frameworks found in workplaces across the country,” said Skillcast CEO, Vivek Dodd. “The reluctance to report potential threats, particularly among senior staff who often have access to sensitive information, could lead to significant security breaches.”