Survey Reveals: 50% Of Respondents Face Cyberattacks Yearly — Employers Blame Employees

By ISBuzz Team
Writer, Information Security Buzz | Sep 21, 2023 01:38 am PST

Around 24% of employees have never had any cybersecurity training, according to a new study by NordLocker. The survey also revealed that when it comes to responsibility for phishing attacks, ransomware attacks, and malware infections, respondents indicated that companies frequently shifted the blame onto employees and felt that employees should bear accountability for these types of threats.

The survey also reveals that a significant 54% of companies have encountered a cybersecurity incident within the past 12 months. These incidents encompass a wide range of security breaches, including phishing attacks, data breaches resulting from third-party vendor hacks, malware infections through malicious email attachments, and various other forms of cyber threats.  

The marketing industry has emerged as the most vulnerable to cybersecurity issues, particularly in relation to data breaches stemming from compromises within their network of third-party vendors.

Other findings:

  • About 25% of respondents wouldn’t know what to do in case of a cyberattack.
  • Only half of the companies use encryption.
  • Approximately 40% of companies have no dedicated person for cybersecurity incidents.
  • About 39% of respondents have sent an email to the wrong person at some point in time.

People store their personal information on their work computers

NordLocker research indicates that over 30% of respondents admit to storing their personal information on their work computers. While the percentage of individuals using work devices for personal purposes is relatively lower at 22%, this number still raises concerns and paints a worrisome picture. 

“Considering that one in five people utilize their work computers for personal tasks or to store personal data, the implications become more significant. This highlights the potential risks and security vulnerabilities associated with employees combining personal and work-related activities on company devices,” says Aivaras Vencevicius, head of product for NordLocker.

Vencevicius emphasizes that the practice of using work computers for personal purposes can have a significant impact on the overall security of company data, particularly when faced with threats like ransomware attacks. Hackers may exploit the personal information stored on these devices to manipulate employees into granting access to sensitive company resources.

The survey also reveals that 36% of respondents express a high level of concern regarding their own privacy when using their work computers. When questioned about the perceived threat of personal information leaks, an overwhelming 61% confirmed that they would view it as a serious and significant risk.

Identical passwords for home and work accounts 

The survey results indicate a trend among respondents, with 42% admitting to reusing passwords for both their home and work accounts. This behavior can be attributed to the fact that only 41% of participants claim to remember their passwords, leading them to opt for convenience over security by using the same passwords across multiple applications and systems.

Regarding password change frequency, respondents reported doing so once a year (11%), once every six months (26%), or once a quarter (39%). However, it remains unclear whether these changed passwords are genuinely unique, robust, and difficult to crack or if they are simply variations of previously used passwords.

An alarming discovery was that nearly 40% of respondents store their passwords in an open file on their computer or in a physical notebook. While some individuals utilize browser-based (27%) or third-party (28%) password managers, it is still worrisome that a significant portion of users opt for less secure storage methods for their passwords.

What do the findings mean?

The findings shed light on the concerning state of data security practices among business professionals. While a portion of employees may employ measures such as encryption, password managers, or encrypted cloud storage platforms to safeguard company data, there remains a substantial number who jeopardize the security of their organization by occasionally engaging in irresponsible behavior.

These results highlight the urgent need for organizations to prioritize comprehensive training programs and establish clear guidelines regarding data security protocols.

Vencevicius says that by instilling a culture of responsibility and accountability, businesses can mitigate the risks associated with lax data security habits and foster a more secure working environment. It is imperative for employees to understand the potential consequences of their actions and actively adopt best practices to ensure the protection of sensitive company information.


The data was collected in an anonymous survey conducted on June 8-13, 2023, which examined the cybersecurity habits of 500 business professionals from small to medium-sized companies (up to 100 employees) in the finance, accounting, law, tax consulting, and marketing sectors.


NordLocker is the world’s first end-to-end file encryption tool with a private cloud. It was created by the cybersecurity experts behind NordVPN – one of the world’s most advanced VPN service providers. NordLocker is available for Windows and macOS, supports all file types, offers a fast and intuitive interface, and guarantees secure sync between devices. NordLocker protects files from hacking, surveillance, and data collection.