Why employee cyber habits matter more than ever
Getting your Trinity Audio player ready...

Author: Richard A. Egleston

null

In today's hybrid work environment, the line between personal and professional tech use is blurred. Employees routinely use personal devices for work, creating hidden vulnerabilities that cybercriminals are eager to exploit. Weak passwords, unsecured networks and phishing scams can all open the door to enterprise-wide breaches.

The hidden entry point: Personal devices and remote access

Remote and hybrid work have made personal devices a cornerstone of the modern workplace. In fact, 90% of employees say they use a mix of company-issued and personal devices for work.1 Personal devices, unlike corporate-issued hardware, often lack advanced enterprise controls — making them prime targets for attackers.

Phishing remains the most common initial attack strategy. According to IBM's Cost of a Data Breach Report 2024, breaches triggered by phishing attacks average around $4.88 million globally, underscoring why employers must prioritize robust identity protection and cybersecurity best practices.2 When one compromised employee account can cascade into a major corporate incident, the need for stronger personal protection becomes clear.

The threat isn't limited to the individual worker. A breach that begins with one employee's compromised device can ripple across the business, disrupting operations, eroding customer trust, and damaging brand reputation.

Protecting employees at the personal level is now inseparable from protecting the business itself.

Growing interest in employer-paid identity and digital protection plans

Forward-thinking HR leaders are recognizing the urgency of offering employer-sponsored identity protection. These plans help employees stay safe online while reducing organizational risk. Thirty-two percent of employers are expanding voluntary benefits — and identity theft protection has grown in both employer-subsidized and employer-paid for 2025, according to the results from Gallagher's 2025 Benefits Strategy & Benchmarking Survey.

Employers offering these plans provide:

  • Proactive protection that blocks threats (like malware and phishing)
  • Employee peace of mind, ensuring staff can focus on their work rather than worrying about personal risks.
  • Cyber safety culture that begins at home and extends into workplace habits
  • Cost savings, since employees often gain access to premium services at discounts of 60% or more off retail

Why "free or light" identity protection isn't enough

Many organizations still rely on "free" or limited post-breach identity monitoring services. While these can provide temporary credit or dark web alerts, they're inherently reactive and short-lived — typically lasting only 12 months after a breach.

Stolen personal data doesn't expire. Once exposed, it often circulates on the dark web for years, fueling AI-driven scams that are harder to detect and more convincing than ever.

Attackers also exploit the short coverage window. They may wait until the free monitoring period ends before using the compromised information, ensuring victims remain vulnerable. And with 75% of Americans having had their Social Security Number exposed due to data breaches,3 the risks are simply too great to rely on "light" protection.

Comparison of free and premium identity protection products

Premium identity protection products offer greater protection than free and limited ones, including social media monitoring, device security software, privacy and parental tools and anti-scam tools.

The human toll

Victims often spend hundreds of hours attempting to resolve fraud cases, dealing with credit bureaus, financial institutions and government agencies. This stress takes a toll on mental health and can affect workplace productivity. By offering comprehensive premium protection, employers send a clear message: "We care about your wellbeing inside and outside the workplace."

The role of AI: From defense to threat

According to IBM's Cost of a Data Breach Report 2025:4
  • 16% of all breaches in 2025 involved AI-powered attacks.
  • 97% of organizations hit by AI-related breaches lacked proper access controls.

Artificial intelligence (AI) is now a double-edged sword in the cybersecurity landscape. While it's a powerful tool for fraud detection, faster scam identification and predictive analytics, it's also being weaponized to generate deepfakes, hyper-realistic phishing emails and instant scam campaigns.

This dynamic makes proactive, AI-powered defenses more critical than ever. Employers who provide their workforce with advanced tools put employees in a better position to recognize and respond to increasingly sophisticated threats.

Cyber insurance covers the business, but don't forget the people

The Identity Theft Resource Center reports that 52% of incidents now involve the misuse of personal information.

Cyber insurance is standard for enterprise risk, but employee vulnerabilities are often overlooked. Most ransomware attacks trace back to compromised personal accounts.

Employer-paid protection plans do the following:

  • Safeguard business continuity.
  • Support employee wellbeing.
  • Position HR as a strategic leader in cyber safety.

The strategic business case for HR and Benefits leaders

Investing in employee-focused cyber safety delivers measurable outcomes:
  • Addressing vulnerabilities at the personal level reduces breach risk.
  • Recovery is faster, because automation and AI-enhanced security can reduce breach durations by up to 80 days.
  • Cost savings are estimated at nearly $2 million.4
  • Employee trust and retention improve because employees see that their employer values their wellbeing, both at work and at home.
  • Cyber protection is a high-value benefit that gives employees services they want and value at a fraction of retail cost.
In a competitive talent market, benefits that support digital wellbeing are a differentiator. When employees feel secure, valued and supported, they are more engaged and loyal — helping employers strengthen both culture and retention.

Conclusion: Cyber safety is a workforce imperative

Cyber safety isn't just an IT responsibility — it's a workforce issue that belongs on every HR leader's agenda. As digital risks grow more complex and AI-driven scams proliferate, organizations that prioritize employee-first protection won't only insulate themselves from breaches but also create a culture of resilience and trust. The result is a win-win — safer employees, stronger organizations and a more secure future for all.

Author Information

Richard A. Egleston

Richard A. Egleston

Executive Vice President, Technology and Enrollment Consulting

Sources

1Lake, Kate. "70+ Critical BYOD Statistics to Know in 2024," JumpCloud, 24 Oct 2024.

2Bonderud, Doug. "Cost of a Data Breach 2024: Financial Industry," IBM, updated 8 Aug 2025.

3Casal, Julio. "Verifying the National Public Data Breach: The Largest Social Security Number Exposure in History," Constella, 20 Aug 2024.

4"Cost of a Data Breach Report 2025: The AI Oversight Gap," IBM, Aug 2025. PDF file.

Disclaimer

Consulting and insurance brokerage services to be provided by Gallagher Benefit Services, Inc. and/or its affiliate Gallagher Benefit Services (Canada) Group Inc. Gallagher Benefit Services, Inc. is a licensed insurance agency that does business in California as "Gallagher Benefit Services of California Insurance Services" and in Massachusetts as "Gallagher Benefit Insurance Services." Neither Arthur J. Gallagher & Co., nor its affiliates provide accounting, legal or tax advice.