Businesses face an ever-present cyber threat. The average cost of a data breach hit USD 4.88m in 2024, according to IBM’s most recent Cost of a Data Breach report (opens a new window) – an increase of 10% on the previous year. But for employees, cyber threats aren’t confined to the workplace. As scammers and criminals increasingly target individuals in their personal lives, there is a growing need for employers to support their cyber wellbeing.
Employees are targets of cyber crime
Employee behaviours are a key source of any organisation’s exposure to cyber-attacks, be it through clicking on a malicious link, using a weak password, or connecting to an unsecure network.
But cyber safety for employees goes beyond standard approaches to business security. Attackers are increasingly targeting employees in their personal lives, capitalising on lower standards of cyber resilience. According to data from Ofcom (opens a new window), more than half (51%) of UK adults have experienced impersonation fraud, while 40% have faced forms of investment, pension, or ‘get rich quick’ scams. Other notable forms of fraud include computer software service fraud (37%), fake employment scams (30%) and identify fraud (24%).
The risk to individuals is growing globally. According to data gathered by the US Federal Bureau of Investigation (opens a new window), total losses per year from internet scams affecting individuals across the globe has been continually increasing, from USD 3.5bn in 2019 to more than USD 12.5bn in 2023.
Key cyber threats to individuals include:
Data breaches – unauthorised access to confidential or sensitive information, arising from factors including cyberattacks (like malware, or ransomware), accidental exposure, or vulnerabilities in systems.
Account and device hacking – unauthorised access to digital systems, potentially leading to data theft, identity theft, and financial loss.
Online fraud – encompass various scams and cybercrimes, including purchase and investment scams, aimed at deceiving individuals and stealing money or personal information.
Phishing scams – online attacks in which criminals, posing as legitimate entities, trick victims into revealing sensitive information like passwords or credit card details.
Identity fraud – when an individual’s personal details (e.g. name, date of birth, current or previous addresses) are used to obtain goods or services without their permission.
The impacts of cybercrime
For both individuals and their employers, the impacts of cyber-attacks can be wide-ranging and severe. The most obvious impact of any attack is the financial loss suffered on behalf of the victim. This in turn could lead to a worsening of financial standing and reduced financial security, particularly where the size of the loss has been severe.
However, financial loss isn’t the only impact of cybercrime; victims may also face a range of health and emotional impacts that may impact their everyday life. According to research from the UK Home Office (opens a new window), anger (86%), stress (73%), and anxiety (63%) ranked among the most common negative impacts reported by victims of an attack. Notably, these ranked higher than financial loss (57%), indicating that cybercrime can be detrimental to victims even where the crime is unsuccessful, or funds are recovered. Other impacts reported included embarrassment, declining trust in others, fear, loneliness, and sleeping difficulties.
These impacts can have knock-on consequences for the victims’ experience of work. Employees may become distracted at work, or their productivity may be reduced due to the impact of poor mental health or financial wellbeing. Victims may also demonstrate a reluctance to use technology, and they may begin to doubt their ability to perform tasks that they could do previously. In the most extreme scenarios, employees may have to take time off work altogether.
Crucially, while it takes only a few seconds to become the victim of cybercrime – the time taken to click on a link or fill in your details – the emotional impacts can last for weeks, months, or years. The most long-lasting impact to affect victims was self-harm, followed by depression. In their capacity as employees, this amounts to a potentially significant and long-term disruption to victims’ ability to work.
Why businesses should support ‘cyber wellbeing’
The scale of potential harm makes for a strong business case to support employee cyber wellbeing, understood as an awareness of cyber threats and ability to protect oneself against harm. Ultimately, this can help to prevent employees falling victim to a cyber-attack.
For employers, the benefits of employee cyber wellbeing include:
Device security – employees using personal devices to work may be exposed to cyber security risks that threaten the security of work data, such as malware, data breaches and fishing attacks. Improving cyber awareness can reduce the likelihood of such risks.
Better productivity and work focus – employees without concerns arising from victimisation, including poor wellbeing and mental health, are more likely to be engaged and confident in the workplace, boosting productivity.
Security-first culture – by encouraging employees to practice good cyber hygiene in their personal lives, employers can better understand their role in defending company-wide cybersecurity. Employees may be less likely to fall victim to a cyber attack in a professional capacity, protecting the wider business from harm.
Talent attraction and retention – employees are increasingly placing value on non-financial forms of reward. Access to tools and resources to protect them can form a valuable and innovative component within a broader employee value proposition (EVP). This can be a useful reward in the race to secure and retain top talent.
To achieve this, employers can:
Train employees on cyber risks – covering topics such as how to identify scam communications, the importance of updating systems, multi-factor authentication (MFA) tools, and data backups.
Issue resources on cyber safety – including providing links to relevant online tools, hosting webinars, and appointing in-person champions to be a point of contact on cyber issues.
Explore cyber-related benefit schemes – Employee benefit solutions for cyber-wellbeing, now include products that provide a comprehensive cyber-security package including device protection, anti-tracking (VPN), password management, identity protection, online monitoring, restoration and remediation support. These solutions can be company-funded or offered as a voluntary benefit for employees to select at their own cost. Lockton can support corporates in procuring this solution, through our vendor partner, Norton LifeLock.
These efforts are an investment, not a cost. By improving employee cyber wellbeing, employers can deliver a positive impact for themselves and their workforce.
Reach out to a member of our team for further information.
