Nearly Two Thirds of Brits Don't Realise Hacking is a Criminal Offence

New research from Centrify reveals that the majority British workers are unaware that unauthorised access to an email or social media account is breaking the law and punishable by a large fine or prison sentence

November 05, 2019

London ― 04 November 2019 ― 63 per cent of British workers do not realise that unauthorised access to an email account without the owner’s permission is a criminal offence, according to a new study from Centrify, a leading provider of cloud-ready Zero Trust Privilege to secure modern enterprises.

This news comes just a few months prior to the 30-year anniversary of the Computer Misuse Act – a piece of law that deals with the crime of accessing or modifying data stored on a computer without authorisation to do so. As it stands, the lowest-level of penalty if you are found guilty of gaining access to a computer without permission is up to two-years in prison and a £5,000 fine.

Rather worryingly, 69 per cent of those surveyed revealed that they do not have confidence in their security processes when it comes to protecting their data. As a result, almost two-thirds (63 per cent) of workers refuse to change their passwords when prompted to by an app or their company. At the same time, 27 per cent use the same password for multiple accounts, putting both their personal life and their professional security at risk.

The survey of 2,000 fulltime UK workers in professional services, conducted by independent survey company Censuswide, also found that one in 20 workers have admitted to logging into their friend’s Facebook without permission. A further one in 25 admit to having hacked-in to a colleague’s email account without permission.

Findings also included 14 per cent do not use multi-factor authentication for apps or services unless forced to do so, and 14 per cent keep their passwords in a note book or on their desk – putting their companies’ data at risk of hackers or even colleagues with malicious intent.

Andy Heather, VP, Centrify comments:
“Cyber attacks can have a devastating impact on a company or individual and it is important that workers understand how seriously instances of unauthorised access to someone else’s computer will be taken.

“The Computer Misuse Act does not discriminate between hackers with malicious intent and employees who do not know the law. Would the one in every 20 employees who have admitted to hacking done so if they realised the risks that are presented to their company, and the actions which could be taken against them were they caught?”

“At the same time, workers must ensure that they take the necessary precautions in ensuring that their own passwords can not be guessed, stolen or obtained by any of their peers, and organisations must adopt a zero-trust approach to further reduce the risk of malicious parties taking advantage of their colleagues log-in credential and their company’s data.”

Donal Blaney, cyber law specialist at Legal 500 ranked firm, Griffin Law comments:
“Business owners and managers need to get their acts together. Ignorance of the law is no defence. Their systems are vulnerable to attack and if employees do things in the name of their bosses, that opens businesses and their owners or directors up to substantial liabilities. It’s time to wake up before it’s too late.”

About the research
Censuswide, the independent polling company, conducted the survey of 2,000 UK workers in professional services jobs in September 2019.

About Centrify
Centrify is redefining the legacy approach to Privileged Access Management by delivering cloud-ready Zero Trust Privilege to secure modern enterprise attack surfaces. Centrify Zero Trust Privilege helps customers grant least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment. By implementing least privilege access, Centrify minimizes the attack surface, improves audit and compliance visibility, and reduces risk, complexity and costs for the modern, hybrid enterprise. Over half of the Fortune 100, the world’s largest financial institutions, intelligence agencies, and critical infrastructure companies, all trust Centrify to stop the leading cause of breaches – privileged credential abuse.

Centrify is a registered trademark of Centrify Corporation in the United States and other countries. All other trademarks are the property of their respective owners.

Ready to Protect Against the #1 Attack Vector?

Register for a 30-day trial of Centrify's Privileged Access Management (PAM) software to minimize your attack surface and control privileged access to your hybrid environment.

Free Trial