UK workers are shockingly relaxed about selling access to company systems
Research from UK fraud prevention service Cifas shows that insider fraud is rife
UK workers are shockingly casual about insider‑enabled fraud, with one-in-eight admitting to having sold company logins.
In the last 12 months alone, 13% said they had either sold their company login details to a former colleague, or that they knew someone who has.
The figures from the UK’s fraud prevention service, Cifas, show that 13% of respondents believed selling access to company systems was ‘justifiable’.
That number was even higher for senior managers, at 32%, and directors at 36%.
Among C‑suite executives, this figure rose to 43% while for business owners themselves, the figure was an astonishing 81%.
“These findings point to an unsettling reality: for a meaningful minority of staff, selling company logins is no longer beyond the line – and that should concern every employer," commented Joby Carpenter, fraud and emerging threats lead at anti-financial crime certification and intelligence company ACAMS.
“Cifas’ survey suggests insider risk is not only persistent, but in some settings it’s becoming normalized. For firms, this underlines the need to treat insider threat as a core fraud and financial crime issue, supported by strong culture, proportionate controls, targeted training, and effective access governance.”
Researchers said effective fraud prevention relies not only on secure systems, but on strong access governance, regular staff training, and a clear organizational stance on the misuse of credentials.
“Selling login details might seem insignificant to those involved, but it can open the door to serious fraud and financial harm. These findings show how vital it is for organisations to build fraud‑aware cultures, where employees at all levels understand their responsibilities and the consequences of their actions," said Rachael Tiffen, director of learning at Cifas.
“Counter‑fraud training plays a central role in helping staff recognise manipulation, appreciate the risks associated with insider activity, and act with integrity when handling access to systems and data.”
Insider threats are rising
A slew of studies over the last two years point toward rising insider threats. A report from Arctic Wolf, for example, found that 61% of organizations had spotted insider threats during 2024, with 29% of those leading to a leak.
Similar research last year from Exabeam concluded that two-thirds of European security professionals now see insider threats as a bigger risk than external threat actors.
More than half said they’d seen a measurable increase in insider incidents over the last year, with 54% saying they expect that growth to continue.
Cyber criminals are aware of the openness of many workers to fraud, and have been actively recruiting company insiders on the dark web, with researchers at NordStellar saying earlier this year they'd found 25 unique dark web posts attempting to recruit employees for fraud.
Aiming to target specific organizations, particularly social media or cryptocurrency platforms, they are hoping to carry out ransomware attacks, sell information on business agreements to competitors, or carry out sophisticated phishing scams.
FOLLOW US ON SOCIAL MEDIA
Follow ITPro on Google News and add us as a preferred source to keep tabs on all our latest news, analysis, views, and reviews.
You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.
-
Microsoft joins competitors in handing over AI models for advanced testingNews US and UK government agencies will evaluate the firm's frontier models, along with those from Google and xAI
-
Panasonic Toughbook marks 30th year with new European partner programNews The revamped initiative introduces a new deal registration system, enhanced training programs, and fresh growth incentives
-
Rethinking fraud prevention: From identity checks to identity signal integritySponsored With new techniques being used by criminals, fraud detection has to move with the times to ensure security
-
If you're not taking insider threats seriously, then the CrowdStrike incident should be a big wake up callNews CrowdStrike has admitted an insider took screenshots of systems and shared them with hackers, and experts say it should serve as a wake up call for enterprises globally.
-
Nearly 700,000 customers impacted after insider attack at US fintech firmNews FinWise, which provides loans on behalf of US financial services firms, revealed a former employee accessed sensitive customer information after leaving the firm.
-
Security experts call for better 'offboarding' practices amid spate of insider attacks by outgoing staffNews Enterprises should act swiftly to revoke rights and access, regardless of the manner of an employee’s departure.
-
AI means cyber teams are rethinking their approach to insider threatsNews Nearly two-thirds of European cybersecurity professionals see insider threats as their biggest security risk – and AI is making things worse.
-
FBI warns scammers are using cryptocurrency ATMs to siphon cashNews Criminals will stay on phone with victims as they make payments, says advisory
-
Hackers fake DocuSign and offer fraudulent signing methodsNews Criminals impersonate the e-signing company to steal credentials
-
Account takeovers rise nearly threefold during pandemicNews Financial services hit hardest by account hijackers, says Sift report
