Skip to main content

Employee mistakes and poor security leaving businesses open to cyber-attacks, QBE research finds

Almost a third of employees (31%) have made mistakes that could impact the cyber security of their workplace, research from QBE has found.

According to a recent survey, these ranged from falling victim to a phishing scam (5%), accidentally clicking a link or downloading something that resulted in malware being added to a work device (7%), losing or having a work device stolen (6% and 7%) to sharing passwords with colleagues (13%).

Less than half said their workplace has the following in place to mitigate potential cyber risks, including:

  • Cyber security training for employees in place (46%)
  • Multifactor authentication (MFA) to log on to work devices/systems (43%)
  • Phishing and cyber scam simulation exercises (29%)

The results suggest that companies should be looking into how they can educate employees to be more aware of risks and take necessary steps to mitigate them in order to have a more robust cyber security plan in place.

Erica Kofie, Head of Cyber Proposition for QBE Europe said: “Your employees can be your weakest link when it comes to cyber security and it is important to have an education programme in place to remind   them about the risks, how to spot suspicious activity and what to do (and not do). Sporadic phishing simulations are also recommended to highlight areas of your workforce you might need to spend more time educating about the risks.”

Businesses need to keep an eye on emerging risks

With the nature of cyber-attacks constantly evolving, businesses should make sure they are regularly reviewing cyber plans to keep up.

Phishing is one example where techniques by criminals are becoming increasingly sophisticated. 13% of employees surveyed said they would not feel confident in recognising a phishing scam.

In addition, with the rise in artificial intelligence, the majority of those surveyed (56%) said they believe AI will actually increase cyber risk rather than reduce it (12%).

According to Eric Kofie a, businesses will need to be carefully looking at factors such as IT security, employee training and response plans to not only be more resilient to cyber risks, but also to improve their risk profile for, which affects the level of coverage cyber insurers will offer and at what premium.

Erica continued: “It’s crucial for businesses to take stock of their cyber security, not only to address any gaps that might let criminals in, but also to ensure they can access full levels of insurance. As part of our ongoing dialogue with customers, we focus on ‘being ready’, and part of this includes sharing appropriate information on failed attacks, which protections worked, the vulnerabilities which have allowed cyber breaches to happen, and ways to improve security.”




For further information contact:

Sandra Villanueva, Corporate Communications, QBE, 020 7105 5284,

Alexis Burris, Corporate Communications, QBE, 020 3465 3921,


About QBE

QBE helps businesses build resilience through risk management and insurance.

QBE European Operations is part of QBE Insurance Group, one of the world’s leading international insurers and reinsurers and Standard & Poor’s A+ rated. Listed on the Australian Securities Exchange, QBE’s gross written premium for the year ended 31 December 2022 was US$20 billion.

As a business insurance specialist, QBE European Operations offers a range of insurance products from the standard suite of property, casualty and motor to the specialist financial lines, marine and energy. All are tailored to the individual needs of our small, medium and large customer base.

We understand the crucial role that effective risk management plays in all organisations and work hard to understand our customers’ businesses so that we offer insurance solutions that meet their needs – from complex programmes to simpler e-trading solutions – and support them in minimising their risk exposures. Our expert risk management and rehabilitation practitioners focus on helping customers improve their risk management so that they may benefit from a reduction in claims frequency and costs.