One in Five UK Employees Are Putting Employers at Risk by Using Work Emails and Passwords on Consumer Apps and Websites

Ivanti’s 2021 Secure Consumer Cyber Report reveals that risky consumer behaviour while working from home is putting organisations in great jeopardy of cyberattacks

SALT LAKE CITY — 24 February 2021 —

Employees working from home are putting their organisations at increased risk of cyberattacks by exercising poor security hygiene, according to a report released by Ivanti, the automation platform that helps make every IT connection smarter and more secure. The 2021 Secure Consumer Cyber Report found that one-fifth of consumers admit to recycling their work email or password to log in to consumer websites and applications such as food delivery apps, online shopping sites and even dating apps.

The Secure Consumer Cyber Report surveyed 1,000 UK consumers who have been working from home during the pandemic on a company-issued computer to examine how consumer and enterprise cybersecurity habits have changed. The report’s findings reveal that poor security hygiene and gaps in enterprise cybersecurity strategies are putting businesses at risk.

In addition to recycling login credentials, the main areas for concern identified are:

  • Personal devices for work access: More than one-third (39.93%) respondents said they are allowed to use a personal device such as a laptop, smartphone, tablet or smartwatch to access company applications and networks.
  • Two-factor authentication for IoT devices: Nearly half (47.87%) of respondents have not set-up two-factor authentication for smart devices in their homes.
  • Secure access tools: Almost one-third (32.5%) of respondents claim their organisation does not require users to use a secure access tool, such as a VPN.

“The poor security hygiene and shortfalls in enterprise security emphasised by the report are creating a perfect storm for cybercriminals looking to take advantage of consumers working from home. By reusing passwords and failing to implement corporate workspace segregation policies and multi-factor authentication, businesses are increasing their risk of falling victim to credential stuffing attacks,” said Nigel Seddon, VP EMEA West at Ivanti.

“Given that there has been a recent increase in the number of data breaches targeting consumer-based companies and online communities, it is very likely that enterprise email and passwords are already exposed on the dark web. Companies across all industries must implement a Zero Trust model to ensure that entities accessing corporate information, applications, or networks are valid and not using stolen credentials,” said Seddon.

Download a full copy of the 2021 Secure Consumer Cyber Report here.  

About the Secure Consumer Cyber Report

The findings in the inaugural Secure Consumer Cyber Report are based on a survey conducted by Ivanti in November 2020. The survey took place online and used a nationally representative sample of 1,000 people over 18 working in the U.K.  

About Ivanti

The Ivanti automation platform makes every IT connection smarter and secure across devices, infrastructure and people. From PCs and mobile devices to virtual desktop infrastructure and the data center, Ivanti discovers, manages, secures and services IT assets from cloud to edge in the everywhere workplace -- while delivering personalized employee experiences. In the everywhere workplace, corporate data flows freely across devices and servers, empowering workers to be productive wherever and however they work. Ivanti is headquartered in Salt Lake City, Utah and has offices all over the world. For more information, visit and follow @GoIvanti.

Press Contacts

Jenny Pfleiderer
Director, Corporate Communications
+1 925-878-5655
[email protected]