Rising UK cyber hygiene risks are leaving businesses exposed to avoidable security threats, according to new research from SailPoint.
The report shows that many organisations still fail to manage identity and access controls effectively. As a result, critical security gaps continue to grow. For example, 77% of businesses do not immediately deactivate accounts when employees leave. Consequently, unused accounts remain active and vulnerable to misuse.
At the same time, workforce mobility is increasing. With 21% of employees changing jobs in the past year, the number of dormant accounts continues to rise. Therefore, the risk of insider threats and external attacks has grown significantly.
UK Cyber Hygiene Risks Driven by Poor Access Control
UK cyber hygiene risks often begin with weak identity management practices. Many organisations grant broader access than necessary, with 34% admitting they knowingly over-permission users. As a result, employees, contractors and partners may access systems beyond their roles.
In addition, compromised credentials are becoming a major issue. Reports show a 160% year-on-year increase in incidents linked to stolen or misused login details. Therefore, businesses must strengthen access controls to prevent breaches.
Furthermore, organisations now manage thousands of identities across systems. On average, firms add nearly 3,000 new users each month. Meanwhile, some companies onboard up to 10,000 AI agents and machine identities at the same time. Consequently, the complexity of managing access continues to increase.
This challenge reflects broader cybersecurity concerns. For example, new risks linked to AI and automation are already emerging, as explored in our coverage of Blockchain Money Laundering Detection System Unveiled. Together, these trends highlight the growing need for stronger digital security frameworks.
Outdated Systems Increasing Security Exposure
Despite rising risks, many organisations still rely on outdated processes. Around 28% use spreadsheets or manual paperwork to manage user access. In addition, 21% of AI agents remain manually controlled.
Because of this, errors and delays often occur. Consequently, organisations struggle to maintain accurate and up-to-date access controls.
Moreover, the rapid growth of digital systems has outpaced traditional security models. As businesses adopt cloud services, automation and AI, identity management becomes more complex. Therefore, modern security tools and automated processes are essential.
Strengthening Cyber Hygiene for the Future
To reduce UK cyber hygiene risks, organisations must adopt a more proactive approach. First, they need to implement automated identity management systems that track users in real time. In addition, they must enforce stricter access controls based on roles and responsibilities.
At the same time, businesses should regularly audit accounts and remove unnecessary access. By doing so, they can minimise the risk of both insider threats and external attacks.
Ultimately, improving cyber hygiene is no longer optional. As digital transformation accelerates, organisations must strengthen security foundations to protect data, systems and customers.
