60% of employees believe they’ve never made a cyber mistake at work

Cyber

By Emily Douglas

Dec 04, 2025Share

This article was created in partnership with QBE.

A recent report from QBE found that cyber risk in the workplace is shaped by employee behaviour, not just by technology. According to the report, 60% of employees believe they’ve never made a cyber mistake at work, with 86% adding that they feel confident in their ability to spot cyber threats, despite the reality that many breaches go unnoticed. 

In today’s digital economy, cyber risk isn’t just an IT problem - it’s a major boardroom issue with organization-wide implications. Speaking to Insurance Business, Ian Walsh, Vice President and US Cyber Product Leader at QBE North America, agreed by emphasizing that it’s high time businesses prioritize cyber security as a company-wide concern.

“As organizations increasingly depend on technology, a single cyber incident can quickly escalate into a full-scale crisis,” he explained. “It can lead to significant financial and reputational loss. Organizations should take an enterprise-wide approach in assessing cyber risks and mitigating exposures to enhance cyber resilience.”

The reason is simple - the interconnected nature of modern business operations means a breach in one area can rapidly cascade into multiple points of failure. This perspective is shaping how QBE approaches cyber insurance and risk management; Walsh was quick to debunk an all-too common misunderstanding here.

“A common misconception is that cyber insurance fails to address major risks. In reality, the product has evolved significantly over the years to cover a broad spectrum of exposures, including security incidents, data breaches, unintentional outages or system failures, social engineering attacks, and reputational damage, among others.”

Many still underestimate the diversity of threats which fall under the cyber umbrella. The modern threat landscape is not just about hackers breaking into systems; it also includes employee error, insider threats, third-party failures, and public relations fallout. And a key part of managing these risks lies in cross-functional cooperation.

“Defining roles for cyber incidents is essential,” added Walsh. “Each department should have an assigned point of contact prepared to respond internally and externally to a cyber incident. An incident response plan and regular tabletop exercises are critical to ensuring an organization is prepared for an unexpected cyber-related event.”

Employee training is another frontline defense and why the human element is increasingly central to QBE’s underwriting conversations.

“One click can lead to a significant cyber incident and financial loss. We need to make sure we are asking organizations questions about the cyber awareness education and training they are providing to their employees.”

Threat actors are becoming increasingly sophisticated, particularly through social engineering and phishing attacks. Walsh emphasized that employee training works, and the strongest defense is a workforce equipped with robust cyber awareness skills. Employees must not only recognize malicious links or attachments but also understand the broader tactics used by cybercriminals, such as urgency scams and impersonation schemes.

Preparation now must include employee awareness of emerging risks, especially as technology evolves. Artificial intelligence, in particular, is introducing new vulnerabilities and regulatory concerns.

“With the advances in artificial intelligence, organizations must educate employees on emerging threats such as deepfakes,” Walsh explained. “Organizations should also monitor AI regulatory changes to address any potential compliance issues.”  

For business leaders, the key takeaway is integration - cyber risk management must be embedded across functions, disciplines, and strategic planning. That means mapping potential risk scenarios, understanding how they could impact the organization, and ensuring proper coverage exists.

“Once you have assessed your organization’s risk landscape,” Walsh added, “you should work with your insurance partners to understand how your insurance program would respond and if you have affirmative coverage for these risk scenarios.”

QBE makes no warranty, representation, or guarantee regarding the information herein or the suitability of these suggestions or information for any particular purpose. QBE hereby disclaims any and all liability concerning the information contained herein and the suggestions herein made. Moreover, it cannot be assumed that every acceptable risk transfer procedure is contained herein or that unusual or abnormal circumstances may not warrant or require further or additional risk transfer policies and/or procedures. The use of any of the information or suggestions described herein does not amend, modify, or supplement any insurance policy. Consult the actual policy or your agent for details about your coverage. QBE and the links logo are registered service marks of QBE Insurance Group Limited. © 2025 QBE Holdings, Inc.