According to a new report, the majority of executives are using their personal devices for work, creating a “backdoor” for cyber criminals to access large enterprise organizations.

The 2023 Not (Cyber) Safe For Work Report, released by Agency, reveals that 97% of respondents access work accounts on their personal devices and 95% use personal devices for work-related multifactor authentication, creating unexpected vulnerabilities as their personal devices are now being used as a work device by their employer for second-factor authentication in order to access sensitive company data.

The report was commissioned by Agency using a quantitative survey of 500 executives from companies with 500-plus employees with splits across age, gender, region, title and industry, conducted by OnePoll in Spring 2023.

Key report highlights

  • 97% of respondents access work accounts or applications via their personal devices, with 99% of C-level respondents accessing work accounts from personal devices.
  • 95% of respondents use personal devices for work-related multifactor authentication.
  • 89% of respondents say companies should provide cybersecurity software for employees' personal devices.
  • 88% of respondents sometimes or often receive work-related spam or phishing on personal accounts, with respondents from mid-size companies (700-999 employees) more likely to receive work-related spam than those from larger companies (1,000-3,999 employees).
  • 80% of respondents say it would be an invasion of privacy if their company were able to monitor the use of their personal devices.
  • 80% of C-level respondents are likely to send work-related messages, i.e., emails or texts, from their personal devices — more than any other group — with 74% of respondents overall sending work-related messages from their personal devices “frequently/often.”
  • 75% of respondents say their company has been the target of cyberattacks in the past, with the industries receiving the highest number of attacks including Information Research and Analysis (100%), Teaching and Education (89%), Engineering and Manufacturing (81%).
  • Almost three-quarters (73%) of respondents would allow their employers to install company software on their personal devices for the purpose of providing security, even if it meant they could see all their activity.
  • 58% of respondents say their spouse/partner has physical access to their personal devices, as well as children (38%), friends (18%) and parents (10%), with only 30% of all respondents saying no one else has access to their personal devices.