The misconceptions that are duping UK workers and putting British businesses at greater risk of cyberattacks
London, UK – Wednesday 15th October 2025 – One third of UK workers believe only big businesses can get hit by hackers and small firms are not targets at all. This is despite the fact that SMEs offer rich pickings for cyber attackers. And, one in six UK workers take no responsibility for protecting their business from cyberattacks, believing it’s only the IT/cybersecurity teams that are responsible for protecting their company.
New research from data security expert Cohesity, released during Cybersecurity Awareness Month, reveals the cybersecurity myths that people mistakenly believe. This lack of understanding amongst employees is opening the door to malicious players, leaving UK companies dangerously exposed to cyber threats which can bring their businesses to a grinding halt or even total destruction.
The top five myths that workers mistakenly believe are:
- Cyber security – that’s just for the IT crowd. 60% of employees think only IT or cybersecurity teams are responsible for protecting their company from cyberattacks. In reality, every employee plays a crucial role in keeping data safe.
- Ransomware steers clear of small businesses. A third (33%) think ransomware attackers only target big businesses. The truth? Companies of all sizes are at risk. In fact, small firms are often even more at risk, as they frequently lack the skills and technology found in larger companies.
- Wi-Fi wards off ransomware. Almost half of workers (44%) wrongly believe ransomware can’t spread through Wi-Fi, making it easier for attackers to catch people off guard.
- Pay hackers, lose twice: the data is still gone. 33% of employees believe that paying cyber criminals is the only way to reclaim company data after it’s stolen, despite the NCSC advising that organisations consider viable backups or decryption tools first.
- Macs, mobiles and USBs are immune. Over half of the UK’s employees (58%) assume that Mac computers will keep them safe and can’t be used as an entry point for cyberattacks. This is followed by mobile phones (51%) and USB devices (39%). In fact, cyberattacks can be designed for any connected device.
Why Understanding the Risks Matters
Olivier Savornin, GVP Europe at Cohesity, warns: “Despite cyberattacks being in the headlines day in, day out, there’s much to be done when it comes to educating employees about what good cyber hygiene looks like.”
“It doesn’t matter how advanced your cybersecurity solutions are if employees are unable to identify and escalate suspicious activity. Social engineering attacks specifically prey on human error, which means every employee is a potential target and a line of defence.
“Building true cyber resilience requires a three-pronged approach: robust technology, continuous employee training, and a culture that actively promotes vigilance at every level of the organisation. Without this, organisations remain dangerously exposed.”
Research Methodology
Cohesity conducted research amongst full-time office workers to understand beliefs, knowledge, and behaviour when it comes to malicious cyberattacks, including ransomware. Research was conducted in partnership with OnePoll and surveyed 2,000 UK employees in June 2025.
About Cohesity
Cohesity protects, secures, and provides insights into the world’s data. As the leader in AI-powered data security, Cohesity helps organizations strengthen resilience, accelerate recovery, and reduce IT costs. With Zero Trust security and advanced AI/ML, Cohesity Data Cloud is trusted by customers in more than 140 countries, including 70% of the Global 500. Cohesity is also backed by partners such as NVIDIA, Amazon, Google, IBM, Cisco, and HPE.
Cohesity is certified as a Great Place to Work in multiple countries. Follow Cohesity on LinkedIn and visit www.cohesity.com to learn more.