Close this search box.

Cyber security? It’s not a tech problem

Cyber criminals will target the weakest part of your organisation. And worryingly, they already know what it is. Because for you – like almost all organisations – your weakest link is your employees.

When we relay this message at talks and keynotes, the room typically looks indignant. “Not in our business,” we hear, and “our team would never be so malicious”. But malicious behaviour only counts for a tiny fraction of all employee-related breaches. The vast majority come down to a lack of awareness and poor communication from the top.


Designing out negligence

According to the 2020 State of Privacy and Security Awareness Report, only 27% of employees could identify at least two warning signs that malware has infected their computing platform. A general lack of awareness surrounding data security and privacy is an ongoing issue. An employee’s bad habits can lead to these data breaches.

These include:

  • Lost IT equipment
  • Computers left unlocked or unattended
  • Passwords shared via text message or WhatsApp
  • Paper notes left on desks
  • Working from home or in public on an unsecured Wi-Fi connection

This last habit is especially troubling, considering that more than two-thirds of UK businesses plan to continue offering remote working or hybrid arrangements.



39% of British businesses reported cyber breaches in 2021


The average cost of a data breach in 2021 was £4.24m


The largest ransomware fee demanded was £70m


Compromised credentials caused 20% of all data breaches in 2021

“Often employees are unsure about who is responsible for cyber security. The best way to overcome this is to put the responsibility onto the individual. Ultimately cyber is a shared commitment, it’s everyone’s responsibility to be knowledgable, proactive and vigilant”

Richard Stathers
Operations Director, Thinc

Getting this message to cut through in an already busy environment can be a challenge. In our experience, getting an organisation primed for a successful transition to becoming cyber aware takes a few key steps:


1: Get buy-in from leadership

Talking ‘technology’ rarely gets an entire leadership engaged. So instead, build the business case. Detail how data breaches and cyber attacks could affect the bottom line.

By using numbers and relatable real-life examples, you can bring ‘technology’ issues like cyber to life and make it meaningful for all aspects of the organisation. This will lead to the support you’ll need to make cyber security a priority.


2: Communicate cyber continuously

Despite cyber being everyone’s responsibility, it is still part of the organisation’s role to train and empower employees to be cyber vigilant. That requires great training, unearthing champions (it works well if they’re not in an IT role) who ‘get it’ and keep the conversation current, and establishing clear lines of communication should a breach or attack occur.

This is an ongoing task, but organisations that excel in this area integrate cyber security into the rest of their operation. Including cyber security in new employee onboarding programmes, discussing cyber security in PDPs and at team events can keep cyber on the conscience of your team.


3: Create a sharing environment

Create an environment where discussing cyber security is encouraged and rewarded. It’s essential to avoid ‘blame’ as that will lead to individuals trying to cover their mistakes, potentially putting the wider organisation at further risk.

Cyber security is likely to be seen as another ‘new’ part of people’s already busy workloads, so taking a carrot rather than stick approach can yield benefits. The early detection, prevention and small ‘wins’ should be rewarded.

Cyber security is a team effort. By following these steps and accessing great training, you can put your employees in a position to succeed.


Why switch your IT partner?

What can AI do for your financial software?

Why growing SMEs turn to Sage Intacct for their finances

Speak with us

Enter your details into the contact form below, and one of our experts will be in touch to arrange a time to speak.

Contact Details


If you’re an existing customer looking for support, please e-mail servicedesk@wearethinc.com, or visit our support page where you can download our remote support apps.