UK businesses are putting themselves at risk due to poor cyber hygiene

News
By published

Employee accounts are a breeding ground for attacks

A padlock resting on a keyboard.
(Image credit: Passwork)
  • SailPoint report shows UK firms neglect identity security
  • 77% fail to deactivate ex-employee accounts, fueling credential abuse
  • Outdated manual processes leave thousands of users and AI agents unmanaged

Businesses in the UK are putting themselves at plenty of risk, thanks to poor cyber-hygiene and not paying enough attention to identity and access management. This is according to a new report from SailPoint, based on a survey of 333 IT decision makers from large organizations in the country.

The survey found that the vast majority of businesses (77%) do not immediately deactivate digital accounts for people who leave the organization. This creates a security gap that can be abused not just by former employees (who can steal sensitive files and transfer them to a different company), but also by cybercriminals, since these accounts are unmonitored and thus practically invisible.

SailPoint says the problem is even worse than it seems, since a fifth (21%) of the entire UK workforce swapped jobs last year. It also said that incidents stemming from compromised credentials surged by 160% year-on-year, showing just how great the risk really is.

Article continues below

Broad access and swelling accounts

But the problems don’t start when employees leave. They start a lot earlier, research has shown, since more than a third (34%) of surveyed businesses admitted to knowingly granting broader access to users.

At the same time, the number of user access points organizations manage on a daily basis is swelling. Besides new employees going in and out, there are also contractors, partners, and suppliers that the businesses need to monitor. Also, in more recent times, the emergence of automation and agentic AI further complicates things.

On average, organisations have nearly 3,000 (2,754) new users in systems each month. More than a quarter (26%) are onboarding up to 250 new employees every month, while a tenth (12%) are adding as many as 10,000 AI agents and machine identities at the same time.

Finally, the security processes in place today are severely outdated, SailPoint says. More than a third (28%) still rely on spreadsheets and paperwork to validate employee accounts and responsibilities, and a fifth of AI agents (21%) are still being managed manually.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.