‘Employees can be your weakest link when it comes to cyber security’, says head of cyber proposition

A lack of education in cyber security has left employees making mistakes that could cause significant harm to their business, new research from QBE has revealed.

In a statement released yesterday (16 October 2023), the insurer revealed that 31% of employees had made errors that could impact the cyber security of their workplace.

These ranged from falling victim to a phishing scam (5%), accidentally clicking a link or downloading something that resulted in malware being added to a work device (7%), losing a work device or having one stolen (6% and 7%) to sharing passwords with colleagues (13%).

QBE obtained the figures from a survey of 2,000 UK workers, which was carried out in partnership with research company Opinium.

After QBE published the results, its head of cyber proposition for Europe, Erica Kofie, warned C-suites that “employees can be your weakest link when it comes to cyber security”.

However, the insurer’s survey also suggested that more needed to be done to educate employees on the risks and necessary steps to alleviate them.

Right tools

For example, it found that employee mistakes were being made as fewer than half said their workplace had the right tools to mitigate potential cyber risks.



Just 29% said their firm ran phishing and cyber scam simulation exercises, while only 43% said they had multifactor authentication (MFA) to log on to work devices.

Meanwhile, only 46% of firms were running cyber security training for employees, the figures showed.

And with artificial intelligence (AI) on the rise, the data found that the majority of those surveyed (56%) said they believe AI will actually increase cyber risk rather than reduce it (12%).

QBE said the data showed that companies should be looking into how they can educate employees to be more aware of risks.

And Kofie warned that it was “crucial for businesses to take stock of their cyber security, not only to address any gaps that might let criminals in, but also to ensure they can access full levels of insurance”.

“It is important to have an education programme in place to remind them about the risks, how to spot suspicious activity and what to do and not do,” Kofie added.

“Sporadic phishing simulations are also recommended to highlight areas of your workforce you might need to spend more time educating about the risks.”