40% of small business employees worried they’ll be blamed for data breaches at work


Avast (LSE:AVST), the digital security and privacy products provider, has found that almost 40% of small business employees think that a staff member who unknowingly clicks a malicious link would be held personally responsible for a data breach, which could be encouraging employees to keep quiet rather than flagging a potential threat.

The survey, consisting of 2,016 office-based workers in the UK and US, explores the current cybersecurity awareness levels among small business employees during a period of elevated risk brought to pass by the ongoing pandemic. It found that many employees were also unaware of the threat level within their workplace with over 70% thinking the biggest cybersecurity threat is outside their organisation. To tackle these common misconceptions, Avast Business has developed the Cybersecurity Basics Quiz, an educational tool which provides small business owners with the opportunity to assess employee knowledge gaps and identify the areas where more training is required.

With less than 18% of employees knowing that ignoring updates for trusted applications can leave their company vulnerable to a cyberattack, the survey points to quick, simple changes that can be made to help organisations avoid unnecessary breaches. This was found to be especially true in government/public sector roles, where employees admitted their reliance on  IT departments telling them when to update their trusted applications - demonstrating the importance of automated, centrally controlled updates to reduce the burden of responsibility being placed on individual employees.

In addition, over 65% of employees think that large businesses are more likely to be victims of a cyberattack than small businesses. While cybersecurity has become an increasingly important focus for small businesses around the world, the survey suggests there is still a lack of understanding about the most vulnerable types or organizations, which could potentially lead to employees letting their guard down.

“Every organization has a responsibility to provide employees with a secure setup, whether they’re office-based or working from home. This secure setup is not just hardware and software, it also extends to training,” said Lindsey Pyle, VP SMB at Avast. “There is a heightened reliance on information sharing by IT and security departments as bad actors increase the volume of attacks intended to deceive unsuspecting employees. For example, updates on the latest phishing campaigns and how to spot spear phishing emails should be consistently communicated across a company to prevent data breaches and infections from malware. The findings from our survey indicate there’s room to improve the dissemination of information to small business employees. SMB owners should put in place clear policies for employees to follow to help them gain a better understanding of what constitutes good security practice, and that they are not to blame should something go wrong.”


In September 2020, Avast Business surveyed 2,016 employees across the UK (1,012) and the US (1,004). Respondents were split across five main industries:

  • Education 20.1%
  • Government and public sector 20.3%
  • Manufacturing 20.1%
  • Non-profit and social services 19.8%
  • Shipping and distribution 18.9%
  • (Misc. 0.8%)

The research was conducted as an online survey, with individuals recruited from independent double opt-in market research panels via a sample exchange platform that is compliant with ESOMAR, MRS, ARF, MRIA, AMA, AMSRO, Insights Association standards, ISO 20252 and ISO 26362.

Add a Comment

No messages on this article yet

Editorial: +44 (0)1892 536363
Publisher: +44 (0)208 440 0372
Subscribe FREE to the weekly E-newsletter