- Being blamed or getting into trouble are workers’ biggest worries when reporting cyberattacks
- UK workers understand and can identify cyberattacks pretty well
- This comes as cyberattacks become worryingly common
New data has claimed two in five (39%) office workers wouldn’t even tell their company’s cybersecurity teams if they thought they had been the victim of a cyberattack at work.
The findings from Cohesity come despite generally better understanding compared with other European nations – 43% of UK workers understand ransomware, compared with 28% in France and 30% in Germany.
As many as four in five (79%) British employees would go as far as saying they feel confident in identifying a cyberattack, yet many choose to stay silent.
Workers feel embarrassed about cyberattacks
Cohesity says workers are most embarrassed about being blamed (17%) or getting into trouble (17%), leading them to stay quiet in the event of attacks. A further 15% stated they wouldn’t want to cause a fuss, with 11% admitting they’d rather attempt to fix the issue themselves rather than notify IT.
However, separate research from IBM reveals breaches lasting longer than 200 days cost around 34% more than those contained earlier (via Morgan Lewis). Moreover, silence delays incident response and increases vulnerability to threats like ransomware, malware spread and further phishing attempts.
Government data from 2024 reveals that half of all UK businesses and one-third of UK charities had experienced cyberattacks or breaches within the preceding year – a number that’s even more pertinent among medium (70%) and larger (74%) businesses, and one that’s likely to be even higher this year.
Cohesity GVP Olivier Savornin stressed: “Staying silent if they suspect a malicious cyberattack is quite possibly the worst thing an employee could do.”
Savornin calls for a workplace culture that makers workers feel more comfortable about raising the alarm, backed by proper cybersecurity training.
Cohesity Global Head of Cyber Resiliency James Blake noted that companies should take a holistic approach to “planning, processes, people and technology.”
