More Than 4 In 5 Workers Exhibit Poor Security Behaviours: KnowBe4 TAPPED Out Study

Multitasking found to be a security issue for UK workers according to new research

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today released its TAPPED Out Report which stands for Tired, Angry, Pissed, Pressed, Emotional and Distracted. It offers a detailed look into the security attitudes and behaviours of over 6,000 workers in the UK; specifically, 2,007 full time working from a remote location, 2,006 full time working in a hybrid fashion and 2,003 full time working from the office. Tapped-Out-Survey-Research-Fanned

Factors influencing cybersecurity behaviour

The survey findings, which were obtained by Censuswide on behalf of KnowBe4, found that more than 4 in 5 hybrid (82%), in-office (84%)  and remote (85%) workers do not always make security-conscious choices while they claim there are specific times of day when they are/would be more likely to pay closer attention to cybersecurity. For instance, when comparing findings from before lunch and after lunch (including after their working day and in the evening), remote (34% vs 29%), hybrid (32% vs 24%) and in-office (32% vs 21%) are all more likely to make security-conscious decisions before lunch, rather than after lunch.

The full report can be viewed here, and highlights a number of key findings covering security attitudes and behaviours, including:

“Not my responsibility” Attitude towards company cybersecurity

Just over a fifth (21%) of full-time office workers do not feel responsible towards their company’s cybersecurity, compared to 1 in 7 remote or hybrid workers (both 14%). While the majority of workers do take some pride in their organisations' cybersecurity, the behaviour they display actually paints a different story.

Issue of multitasking

Almost half (47%) of hybrid workers say they have checked emails first thing in the morning while still half asleep – a similar percentage of remote workers (44%) say the same, whilst fewer (37%) in-office workers are guilty of this habit. Moreover, a fifth of hybrid (20%), in-office (20%) and remote (21%) workers say they have responded to their work emails while on the toilet. Those who work remotely (8%) or in a hybrid setting (7%) are slightly more likely than those who are in the office full time (5%) to have responded to work emails when tipsy/drunk/high.

Distractions impact awareness

Almost 2 in 5 (39%) workers who have clicked a link they shouldn’t have were distracted at the time. Over a third (35%) said they were feeling stressed. Being in the right mindset and having mental clarity will dramatically reduce the chances of mistakes being made like clicking phishing emails or malicious attachments; however, that can be difficult at times, as many factors and distractions can occur during a traditional working day. Also, practising good cyber hygiene and exhibiting secure behaviours can help to prevent costly and reputation damaging security breaches and other incidents. 

While each group of workers tends to experience slightly different distractions during their regular work day, whether that be unnecessary meetings or hunger and snack breaks, they were all unanimous in stating phone notifications and calls were the biggest (39% remote, 45% for hybrid and in-office workers). As one might expect, deliveries tend to create more of a distraction for workers who spend time working from home. Almost 3 in 10 (28%) full-time remote workers surveyed, and just over a quarter (26%) of full-time hybrid workers surveyed say they are distracted by deliveries in their regular working day, while just 15% of those working from the office full time say the same.

Tips to avoid distractions that can lead to detrimental mistakes

  1. Determine what personal best practices look like for your work day. 
  2. Schedule time for emails instead of leaving an email inbox open all the time. 
  3. Prioritise your day by writing down the most important tasks/projects to be completed. 
  4. Turn off notifications on your cell phone. 
  5. Handle emails immediately instead of leaving it for later to save time. 


“With email apps easily accessible on our phones, it has become a bad habit among many of us to scroll through our unread messages while on our daily commute, on holiday or even at our local pub late on a Friday evening,” said Javvad Malik, lead security awareness advocate at KnowBe4. “However, it’s in times like these that we are most likely to be distracted or emotional, and make a mistake - whether by sending off a poorly written email, cc’ing the wrong recipients or clicking on a phishing link. Security awareness training and simulated phishing can reinforce secure behaviours and encourage a strong security culture.” 

“Add to this a rise in remote and flexible working, which have seemingly sparked other notable trends, including blurring the lines between work and life. While this survey highlights the changes in our working environment and how employee behaviours might be putting companies at greater risk of a cyber attack/incident, it also provides greater insight into when best to educate the workforce with the necessary security awareness to help them, and their organisations, make better decisions,” he continued.

About KnowBe4

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 65,000 organisations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organisations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. The late Kevin Mitnick, who was an internationally recognized cybersecurity specialist and KnowBe4’s Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organisations rely on KnowBe4 to mobilise their end users as their last line of defence and trust the KnowBe4 platform to strengthen their security culture and reduce human risk.


Get the latest about social engineering

Subscribe to CyberheistNews