A new Vodafone Business study has revealed more than 10% of British businesses are unlikely to survive should they fall victim to a major cyber incident. The findings reveal:
- 71% of business leaders surveyed believed that at least one member of their staff would fall for a convincing phishing email.
- 89% of bosses say the highly publicised cyber-attacks on well-known brands last year have made them significantly more alert to the dangers posed by online threats, though fewer than half (45%) have ensured all staff have undergone basic cyber awareness training.
The recent study, which surveyed 1,000 senior leaders across businesses of all sizes, paints a troubling picture of inadequate crisis preparedness, poor password practices, and staff susceptibility to phishing scams – all of which leave businesses exposed to cyber-crime.
With nearly two thirds of business leaders (63%) reporting that their organisation’s risk of cyber-attack has risen over the past year, password reuse remains particularly prevalent. Employers estimate that, on average, staff use their work password for up to 11 other personal accounts, including social media and dating sites.
Surprisingly, business leaders appear to be acutely aware of the risks posed by human error. Nearly three quarters (71%) believe that at least one member of their staff would fall for a convincing phishing email. The most common reasons given were:
- a lack of awareness and training;
- staff being “too busy”; and
- the absence of clear protocols for verifying and flagging suspicious messages.
The emergence of artificial intelligence (AI) and deepfake scams is also causing concern. Approximately seven in ten leaders admit that deepfake AI videos have made them more wary of video calls that claim to be from senior colleagues or their boss.
Nick Gliddon, Business Director, VodafoneThree, said:
“Some of these findings are truly alarming. The revelation that one in ten business leaders believe their company would not survive a cyber-attack highlights the scale of vulnerability facing UK firms today.”
Gliddon continues: “Many steps – such as avoiding password reuse and enhancing staff training – are relatively simple to implement, and Vodafone Business is here to support organisations with practical solutions and expert guidance. In this context, the Government’s announcement of its second Telecommunications Fraud Charter, coupled with a new fraud strategy to be launched next year, marks a significant and timely development. This renewed focus from policymakers underscores the seriousness of the threat and the necessity of a united approach between industry and government to effectively tackle online fraud and cyber-crime.”
Tim Callan, Chief Experience Officer at Sectigo, commenting on the Vodafone Business report, stated:
“Businesses need a multi-layered approach to avoid any damage as a consequence of phishing attacks. Employees should be trained in order to be able to realise when they could be targets of phishing attacks, but businesses should also look at tried-and-tested technologies and implement phishing prevention infrastructures through their IT ecosystems.”
Callan continues: “Public key infrastructure (PKI) is a catch-all term for everything used to establish and manage public key cryptography, the common form of encryption. Using PKI-backed digital certificates can ensure the identification and authentication of the users and machines, such as code and applications, within any given organisation and therefore help form another layer of security against phishing attacks.”





