Following the release of Ofcom data on the dangers of AI and deepfakes, new research from workers in UK small and medium size businesses (SMEs) reveals that almost two-thirds (63%) are not confident they could spot an issue, highlighting a growing cyber and business threat. According to insights commissioned by Sharp Europe, the vast majority (86%) of UK employees say that they are more concerned about business cyber risks than last year – with AI being the biggest reason for this.
The research, conducted by Sharp Europe, a leading provider of business technology products and services, of over 11,000 employees in 11 markets across Europe including over 1,000 in the UK, found that despite these increasing concerns, not enough is being done by employers. Workers are not equipped to deal with the latest cyber threats and almost a third admit to being more concerned about making mistakes at work that could lead to a cybersecurity attack than they were a year ago.
Many agree that AI will make it more difficult to spot a potential cyber-attack and growing fears are also due to issues such as cybersecurity incidents experienced by friends or family members over the last 12 months.
These insights follow Ofcom’s latest study, released in late November 2024, on the UK’s wider online habits, where 34% of UK internet users admitted they had experienced scams, fraud and phishing and a staggering 43% believed they had experienced a deepfake in the first half of 2024. Sharp’s research reveals that nearly a third of UK employees (29%) believe they could not identify an AI security threat or fake email.
Mark Williams, Chief Operating Officer at Sharp UK said: “There is a worrying disparity between UK employees’ growing concerns about AI within cybersecurity and their perceived ability to effectively deal with cyber threats at work.
To make matters worse, business leaders aren’t providing their employees with adequate or regular training to deal with these new cyber threats. 90% of data breaches are caused by phishing attacks but an organisation’s people are also its first line of defence. Technology is constantly evolving, so cybersecurity training should be adapting at the same pace.
It is the responsibility of SME leaders to implement a robust cybersecurity training programme which is provided and updated regularly. In doing so, they can maintain a high standard of security awareness across their workforce that can be regularly adapted according to needs.”
Despite these growing concerns and lack of preparedness, security training from employers has been minimal over the last two years. In fact, just over one in ten believe that their organisations don’t take cybersecurity seriously enough. Sharp’s research shows that almost half (43%) of employees in UK SMEs haven’t had any form of training regarding cybersecurity in the last year, despite the emergence of new threats. More alarmingly,16% have never received any formal cyber security training at all.
Sharp’s research comes amid new cybersecurity legislation such as the recently implemented NIS2 Directive, the first EU-wide law on cybersecurity which aims to increase the overall level of cybersecurity in the EU and will impact UK businesses trading in Europe. UK government backed schemes such as the Cyber Essentials Framework additionally help businesses comply with the Government’s baseline standard for cyber security. Such legislations have been implemented amid a rise in cyber-attacks targeting European businesses, which have become even more sophisticated as a result of AI.
Research
The research was conducted by Censuswide from 30 October 24 – 8 November 24 and responded to by 11,003 employees within SMEs from 11 countries including Austria, Belgium, France, Germany, Italy, the Netherlands, Poland, Spain, Sweden, Switzerland, and the UK.
