Tessian surveyed 4,000 employees across the U.S. and UK as well as 200 IT decision-makers to examine how security behaviors have shifted during the past year, the challenges as organizations transition to a hybrid work model, and why a fundamental shift in security priorities is required. 

Key findings include:

  • Remote work has not been good for employees’ cybersecurity habits
    • More than 1 in 3 (36%) employees have picked up bad cybersecurity behaviors and found security “workarounds” since working remotely
    • Two in five (39%) said the cybersecurity behaviors they practice while working from home differ from those practiced in the office, with half admitting it’s because they feel they were being watched by IT departments
    • Over one quarter of employees admit they made cybersecurity mistakes while working from home that they say no one will ever know about
    • 27% say they failed to report cybersecurity mistakes because they feared facing disciplinary action or further required security training
    • Just half of employees say they always report to IT when they receive or click on a phishing email
    • While 70% of IT leaders believe staff will more likely follow company security policies around data protection and privacy once they return to the office, only 57% of employees think the same


  • Cybersecurity pitfalls in a hybrid workforce
    • 69% of IT leaders believe that ransomware attacks will be a greater concern in a hybrid workplace, with legal firms and healthcare organizations particularly concerned about this threat
    • 67% predict an increase in targeted phishing emails in which cybercriminals take advantage of the transition back to the office
    • Over half (54%) are concerned that staff will bring infected devices and malware into the workplace. And their apprehension is founded: 40% of employees say they plan to work from personal devices in the office. 
    • 60% think the return to business travel will pose greater cybersecurity challenges and risks for their company.