Are your employees putting your business at risk? 1 in 8 UK employees reuse personal passwords at work.

Blog | Cyber Security

New research by cyber and data security consultancy CSS Assure, has shone a light on the UK’s password habits and the results make sobering reading for businesses.

As well as 1 in 8 employees reusing personal passwords at work, research showed, 


  • The majority (73%) of the UK workforce not changing their professional passwords often enough 
  • 1 in 3 employees admit to NEVER changing their work log-in (30%) or email (32%) passwords, or only doing so when prompted 
  • Almost three quarters of respondents (74%) claim to be cyber security aware – despite poor password habit


Why it is so important to practice good password habits 


Cyber criminality is here to stay and is an increasing plague on society – causing damage, while often fuelling and funding international crime and global terrorism. 


No business is immune from cyber attacks and it is vital companies make themselves as hard to hack as possible. As a minimum, businesses should encourage and remind their employees to change their passwords at least once every three months as this will stop or prevent access to accounts if data has been breached. 


Changing passwords is the single greatest defence a business can take towards protecting itself against a cyber attack. Currently, there are millions of emails and passwords for sale on the dark web for miniscule amounts, waiting for cyber criminals to purchase. 


Using the same password across multiple accounts or both personally and professionally is a major weak link in a company’s security system. If one site is breached and an employee’s credentials are exposed, their risk is amplified exponentially if they use that same password elsewhere. 


What can be done to mitigate risk?  Educate, educate and educate again 


The research shows that the problem is endemic across all sectors and work types which highlights the importance of education to all. 


One in five directors and business owners admitted to reusing passwords across multiple accounts, while a quarter of senior managers said they write their passwords down in a notebook or on a mobile application. 


Poor password management is a root cause for many data breaches. However, it’s important to remember that the habit can often be attributed to poor personal discipline, as opposed to malicious intent by your employees. 


Typically, people are unaware they are putting their company at risk, with many believing they are cyber security aware – even though they are making mistakes that can have dangerous consequences. 


Educating all levels of the workforce on why and how poor practices can lead to data breaches, as well as encouraging good habits, including changing passwords regularly together with being able to recognise threats and attack is vital to help businesses protect themselves from major financial, reputational and legal damage.  

Published: 4th May 2022
Area: Cyber Security Solutions