Password Faux Pas Leave Companies At Risk Of Cyberattacks

Password rotations policies and adherence amongst workers

Nowadays, electronic devices come with numerous password protection options to ensure data and information are kept safe. This also applies to working computers. However, despite this, a new survey has found that businesses that do not have password rotation policies in place may still be leaving themselves vulnerable to cyberattacks.

A survey to assess password policy adherence within companies

We recently surveyed 1,247 workplaces in the United Kingdom, and found that two-thirds of businesses (66%) leave themselves at risk of cyberattacks due to their lack of having (or enforcing) password rotation policies.

Our survey further revealed some of the main reasons workers cited for not changing their passwords. These reasons included:

  • Workers are worried they will forget their password;
  • Workers said regularly changing their password is annoying.

Surprisingly, the research also found that managers and `C-suite staff were more likely to not follow password rotation policies with entry-level employees not far behind.

Finally, the study revealed that the types of businesses most likely to leave themselves most vulnerable to cyberattacks by not regularly rotating passwords are accountancy and finance, construction companies, and educational institutions.

We’ve made a synopsis of the raw data, as well as an infographic summarizing the main outcomes of our survey.Infographic password good practices in the workspace

Cybercrime has seen a tremendous surge since the onset of the Covid-19 pandemic, and with employees working remotely companies have become extra vulnerable. An organization’s resilience against cybercrime is as strong as its weakest link, so it’s pivotal thorough security protocols are in place and adhered to by the complete workforce.

Cybersecurity analyst
David is a cybersecurity analyst and one of the founders of Since 2014 he has been gaining international experience working with governments, NGOs, and the private sector as a cybersecurity and VPN expert and advisor.