Insights: Annual Cybersecurity Attitudes & Behaviours Report 2024/25

Cyberattacks in 2024 are increasingly sophisticated and costly, with signs of fraud being harder to spot than ever before. In the UK, the average cost of a cyberattack for a medium/large-sized business is more than £10k, as reported by the UK Government.

CybSafe and The National Cybersecurity Alliance recently published an annual cybersecurity attitudes and behaviours report for 2024/2025. The report analysed online behaviours and beliefs of thousands across the globe. We were delighted to attend a webinar on the subject hosted by Security Awareness Special Interest Group (SASIG).

The report surveyed more than 7,000 individuals, with 67% employed across the US, Canada, the UK, Germany, Australia, New Zealand and India. We’ve rounded up some of the key findings below.

Accessibility and Variety are Key

The report found that accessible, varied and mandatory cybersecurity training in the workplace is highly important. It surveyed across generations and identified the top factors companies should consider when training people on online safety.

• Accessible – An accessible cyber-safe environment will allow employees to thrive. Training needs to be catered to all generations so they can achieve the same standard of knowledge and understanding to mitigate risks.

• Varied – As lead author of the report, Dr Suzie Dobrontei, describes “one size fits nobody”, and that an inaccessible, singular format cannot suit all employees that need training. Varied training can adapt to the employees’ individual preferences and increase understanding of the organisation’s cybersecurity techniques.

• Mandatory – Making access to training mandatory supports a cyber-safe environment. Without organisational support, employees can struggle to protect both personal and business information. Mandatory training can reduce the risk of a cyberattack by correcting employee’s understanding.

AI in the Workplace

The use of artificial intelligence (AI) in the workplace is growing. The report found that 38% of individuals share sensitive work information with AI tools without their employer’s knowledge, putting the company at risk of attack. Companies can improve their AI education by deploying varied, accessible and mandatory material. This helps to ensure a cyber-safe environment and limits the risk of employees sharing information with AI tools.

An accessible, varied and mandatory cyber scheme that puts knowledge into practice allows organisations to break the cycle of over-confident employees that don’t implement their training. Higher confidence doesn’t equate to lower risks of attack.

Inhabit Better Password Hygiene

Password hygiene was another key takeaway from the webinar. Most individuals include personal information in their passwords, use a single dictionary word or use words that equate to less than nine characters.

The report found employees think multi-factor authentication (MFA) adds negative personal barriers to the flow of work. Some found that it didn’t add much protection, didn’t believe it stopped cybercriminals and found that devices function without the MFA use. To inhabit better practices, the importance of MFA must be highlighted to protect employees and organisations.

Organisations should provide further training to highlight the consequences of not using MFA. By delaying the access of cyber attackers, organisations that use MFA are better at protecting sensitive company information.

Ilex is a trusted partner for crisis communications should a cyberattack occur. Our Co-founder and Managing Director, Matthew Whalley recently wrote an article for Strategic Magazine outlining the need for a communications partner who can help with a crisis strategy.

You can read the full article below:

Contact us today at info@ilexcontent.com for a free and no-obligation consultation.