Brits turn blind eye to cybersecurity risks with 90% using work laptops for personal use

Next story
  • Nine in 10 of those surveyed admitted to using their work laptops for personal activities, such as accessing illegal streams, gambling and viewing adult content
  • 63% of respondents accessing the dark web on their work laptop do so every week, with men 57% more likely to do so than women
  • 65% of respondents believe minimising cybersecurity risk lies with the company – either with the IT team or leadership

BOURNEMOUTH, UK – August 8, 2024 – Today, ESET, a global leader in cybersecurity, has released the findings of a UK-wide survey which reveals the risks that employees are regularly exposing their corporate devices to. Half (55%) of those surveyed ditched their personal laptops during or after the pandemic, with 90% of those surveyed now logging on to their work laptop to conduct personal activity.

Many of those surveyed admit to repeatedly using their corporate devices for risky behaviour: One in five (20%) respondents aged 18+ who view adult content do so daily, with the same number engaging in daily online gambling. At the same time, 10% of respondents who stream sports illegally do so daily, with 17% who access the dark web doing so daily.

Men are more than twice as likely to view adult content and 57% more likely to access the dark web on their work laptops than women. Those between 16-24 are most likely to use their own USB devices (18%) and connect to unsecured public Wi-Fi (16%).

Without proper security measures, these actions could expose sensitive company data to potential breaches. But questions remain over how IT teams can ethically monitor where security risks are coming from without violating their employees' privacy:

  • Over a third (36%) of respondents would feel their privacy had been violated if their boss could see all the personal activity they did on their work laptop.
  • 15% believe that everyone bends the rules occasionally, so they feel they're fine to do so as well.
  • Nearly one in 5 (18%) of respondents believe their job would be at risk if they were found out, with 8% considering resigning on the spot and 10% thinking they'd be sacked.

'Work from anywhere' policies have benefits but can also bring significant pressure to stay connected. Nearly half of those surveyed (46%) admitted having taken or being open to taking their work laptop on holiday with them, for whom two-fifths (40%) were specifically for work purpose. Yet, choosing to take a work device on holiday could put the employee's company at more risk, i.e. if they were to connect to public Wi-Fi, lose it or have it stolen.

Protecting company assets, IP, and data has become the number one priority for businesses, with employees often cited as the weakest link. Worryingly, the research found that nearly one in five (18%) don't have any cybersecurity software on their work laptops, and a further 7% have no idea if they're adequately protected or not. A fifth (19%) of people with personal devices haven't installed any security products on them, yet a quarter (23%) admit using them for work. This poses huge risks to the company, with threat actors able to access vital work information through unsecured personal devices.

Interestingly, while 65% of those surveyed believe the responsibility to minimise cybersecurity exposure lies with their company – either the IT team or company leadership, 50% believe that safeguarding their work devices is their personal responsibility. This split in perceived responsibility highlights the need for clearer guidelines and better education on cybersecurity best practices in remote working environments.

Jake Moore, Global Cybersecurity Advisor, ESET, commented: "We often hear 'employees are the weakest security link' and endpoint security may not be the first thought on people's minds, which can cause issues when switching between work and personal devices. Businesses need to ensure that employees understand cybersecurity risks and their role in mitigating them, which includes avoiding risky behaviour or accessing illegal websites on their work laptops".

Jake continues: "The increase in hybrid work and distributed workforces have significantly strained security teams. Switching between onsite and remote working locations may offer employees a better work/life balance. Still, IT teams must implement processes to manage employees' corporate devices remotely to protect their businesses. At the same time, workers should be reminded to regularly update their laptops to ensure they're protected at all costs".

Methodology:

The research was conducted by Censuswide, among a sample of 2,015 UK respondents who use a work laptop, aged 16+. The data was collected 25th – 29th July 2024. Censuswide abides by and employs members of the Market Research Society and follows the MRS code of conduct and ESOMAR principles. Censuswide is also a member of the British Polling Council.