Two in three companies at risk of cyberattacks due to insufficient password policies


Password protection facilities ensure that personal data is kept safe, but a new study reveals that many businesses are ignoring advice and leaving themselves vulnerable to cyberattacks.

A study of 1,247 workplaces, by cybersecurity experts, found that two-thirds of businesses (66%) leave themselves at risk of cyberattacks because they do not have, or do not enforce, password rotation policies.

In fact, it is advised that you should change your password every 60-90 days, but a significant number of workers (46%) confess to ignoring this advice and are therefore leaving themselves open to risk.

Of the companies that do have password rotation policies in place, 45% of employees confess that they didn’t know these policies actually existed. 

A staggering 57% who did know about their company’s password protection policies revealed they do not adhere to them by regularly changing their password, and of those who do adhere, 63% will simply use the same passwords on rotation. 

For the companies without password rotation policies, only 7% of employees bother to regularly rotate or change their passwords. 

The main reasons workers cited for not changing their passwords were: 

  • they are worried they will forget their password (57%) 
  • regularly changing passwords is annoying (48%) 
  • they don’t see the point (45%) 

When asked if they worried about the risk of a data breach due to a lack of security, 37% of education workers said it had never crossed their mind, while 28% confessed to not being concerned. 

Surprisingly, the research also found that managers and C-suite staff were more likely to not follow password rotation policies (38%), with entry-level employees not far behind (34%). 

The types of businesses leaving themselves most vulnerable to cyberattacks by not regularly rotating passwords are accountancy and finance (34%), construction (31%) and education (26%). 

David Janssen, security researcher and founder at comments: “Password rotation is such a simple policy that both businesses and employees can put in place to safeguard and protect their work. Changing your password every 2-3 months is a really effective way to deter cyberattacks, and although yes, some may find it frustrating, it could save a lot of heartache down the line.” 

“It was shocking to see that so many workers didn’t realise what the point in regularly changing their password is, and it’s clear from our research that companies and employees alike need to be educated on the importance of implementing policies such as these.”
