{"id":25267,"date":"2025-10-27T07:00:18","date_gmt":"2025-10-27T06:00:18","guid":{"rendered":"https:\/\/cyberinsights.iainfraser.net\/?p=25267"},"modified":"2025-10-27T16:32:01","modified_gmt":"2025-10-27T15:32:01","slug":"phishing-blind-spots","status":"publish","type":"post","link":"https:\/\/smecyberinsights.co.uk\/index.php\/2025\/10\/27\/phishing-blind-spots\/","title":{"rendered":"Phishing and Leadership Blind Spots: Why 77% of Security Heads Could Be Firing the Wrong People"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t<\/a>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\"Partners1_NordVPN\"<\/figure><\/div>
\"Partners3_R3\"<\/figure><\/div>
\"Partners2_Zoho\"<\/figure><\/div>
\"Partners4_Plesk\"<\/figure><\/div>
\"Partners4_Ensurety\"<\/figure><\/div>
\"Partners7_Passware\"<\/figure><\/div>
\"Red_Button_Slider\"<\/figure><\/div>
\"ogo2\"<\/figure><\/div>\t\t\t<\/div>\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\"Phishing\t\t\t\t\t\t\t\t\t\t\t
Image Credit: Freepik<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

Helping Keep Small Business CYBERSafe!
\n<\/strong>Gibraltar: Friday 24 October 2025 at 08:00 CET<\/p>\n

Phishing and Leadership Blind Spots: Why 77% of Security Heads Could Be Firing the Wrong People
\n<\/strong>By: Iain Fraser<\/a> – Cybersecurity Journalist<\/a>
\nPublished in Collaboration with: Nord VPN<\/a>
\nSMECyberInsights.co.uk<\/a> –\u00a0<\/a>First for SME Cybersecurity
\n<\/a>Google Indexed PZero on 271025 at 09:12 CET<\/a>
\n#SMECyberInsights\u00a0 #SMECyberAwareness\u00a0 #CyberSafe #SME #SmallBusiness #CyberSecurity #SME #Phishing #Leadership #HumanRisk <\/em><\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\"Nord\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

Phishing and Leadership Blind Spots: Why 77% of Security Heads Could Be Firing the Wrong People<\/strong><\/p>\n

A major new report by Arctic Wolf<\/strong> has revealed an uncomfortable truth about workplace Cybersecurity<\/strong>. While 77% of IT and security leaders say they would dismiss employees who fall for phishing scams, nearly two-thirds admit they\u2019ve clicked phishing links themselves. For Small & Medium Enterprises (SMEs)<\/a>, this highlights a critical issue of leadership culture and misplaced confidence \u2014 a combination that can make smaller organisations even more vulnerable to Cyber threats.<\/p>\n

Why This Matters for SMEs<\/strong><\/p>\n

Phishing remains one of the most successful tools for cybercriminals because it exploits human trust rather than technical systems. Arctic Wolf\u2019s findings show that when senior leaders take a punitive approach, it can discourage honest reporting and delay response times. Overconfidence in existing defences, inconsistent training schedules, and the selective application of multi-factor authentication (MFA) further compound the problem. Some leaders even admit to disabling security tools in the name of efficiency, unintentionally opening new attack paths. For SMEs with limited IT staff and smaller budgets, these behaviours can magnify risk dramatically.<\/p>\n

Authoritative Insight<\/strong><\/p>\n

Arctic Wolf\u2019s Human Risk Behavior Snapshot 2025<\/em> surveyed more than 1,700 IT leaders and employees across 17 countries. The data reveals a clear mismatch between perception and reality: 76% of IT leaders believe their organisation would never fall for a phishing attack, yet 65% have done so themselves. Seventeen per cent failed to report it afterwards. Only 54% of organisations enforce MFA for all accounts, and over half of leaders have intentionally turned off security measures. According to the UK\u2019s National Cyber Security Centre (NCSC), phishing remains the top cause of business email compromise and ransomware incidents \u2014 underlining the importance of continuous awareness and layered protection.<\/p>\n

SME-Specific Impact<\/strong><\/p>\n

For Small & Medium Enterprises<\/a>, leadership culture can directly determine Cyber resilience. SMEs rarely have the luxury of large security teams, so a single error by a senior staff member can compromise the entire business. When leaders overestimate their security maturity or ignore best practices, it reduces investment in essential training and discourages openness among employees. In smaller organisations, where trust and communication are vital, this can quickly become a systemic weakness.<\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\"Phishing\t\t\t\t\t\t\t\t\t\t\t
Image Credit: Freepik<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

Benefits for SMEs<\/strong><\/p>\n

Adopting an education-first approach delivers measurable benefits. It creates a workplace culture where staff feel safe to report incidents quickly, improving response and recovery times. Regular awareness sessions and mandatory MFA build stronger defences and help maintain compliance with GDPR<\/a> and ISO standards. Above all, when leaders model secure behaviour themselves, they demonstrate accountability and build client confidence in their Cyber maturity.<\/p>\n

Quick Action Steps for SME Leaders<\/strong><\/p>\n

SME decision-makers should begin by leading from the front. Taking part in phishing simulations and sharing the results openly sends a powerful message that security is everyone\u2019s responsibility. Punishment should give way to coaching and retraining, ensuring that each incident becomes a learning opportunity. Mandating MFA for all staff, enforcing clear AI-use policies, communicating lessons after incidents, and automating system updates can reduce exposure significantly. SMEs can also use free assessment tools from the NCSC<\/strong> to benchmark their current Cyber posture.<\/p>\n

\u00a0<\/strong><\/p>\n

Looking Ahead<\/strong><\/p>\n

The Arctic Wolf report makes one point abundantly clear: the human factor in Cybersecurity is not just a user problem \u2014 it\u2019s a leadership challenge. As AI-enhanced phishing grows more convincing, UK SMEs<\/strong> that prioritise transparency, continuous learning, and responsible leadership will be best placed to withstand future threats. The next Cyber breach could start at the top \u2014 but so can the solution.<\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\"Nord_logo_1.png\"\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t
<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

What is a VPN & Does my SME Need one?<\/strong> A VPN<\/strong><\/a> is a Virtual Private Network a method of securing your communications credentials. When it comes to SMEs<\/strong><\/a>, the choice of VPNs<\/strong><\/a> can significantly impact the security and efficiency of their operations. NordVPN<\/b> secures your Internet data with military-grade encryption, ensures your activity remains private and helps bypass geographic content restrictions online.\u00a0 \u00a0Join\u00a0NordVPN\u00a0Today and\u00a0Save\u00a0up to\u00a073%\u00a0and Get 3 months\u00a0Extra Free<\/a> – Rude Not to \u2026!<\/strong><\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\tLearn More \/...<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"Data<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t<\/div>\n\t\t\t\t\t
\n\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t
<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

Image Credit: Freepik Image Credit: Freepik Learn More \/…<\/p>\n","protected":false},"author":1,"featured_media":25268,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"cybocfi_hide_featured_image":"yes","footnotes":""},"categories":[655],"tags":[434],"ppma_author":[505],"class_list":["post-25267","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-phishing","tag-phishing"],"featured_image_urls":{"full":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/10\/Phishing-Image-Credit-via-Freepik.jpg",1430,955,false],"thumbnail":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/10\/Phishing-Image-Credit-via-Freepik-150x150.jpg",150,150,true],"medium":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/10\/Phishing-Image-Credit-via-Freepik-300x200.jpg",300,200,true],"medium_large":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/10\/Phishing-Image-Credit-via-Freepik-768x513.jpg",640,428,true],"large":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/10\/Phishing-Image-Credit-via-Freepik-1024x684.jpg",640,428,true],"1536x1536":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/10\/Phishing-Image-Credit-via-Freepik.jpg",1430,955,false],"2048x2048":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/10\/Phishing-Image-Credit-via-Freepik.jpg",1430,955,false],"covernews-featured":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/10\/Phishing-Image-Credit-via-Freepik-1024x684.jpg",1024,684,true],"covernews-medium":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/10\/Phishing-Image-Credit-via-Freepik-540x340.jpg",540,340,true]},"author_info":{"display_name":"Cybersecurity Journalist Iain Fraser","author_link":false},"category_info":"PHISHING<\/a>","tag_info":"PHISHING","comment_count":"0","authors":[{"term_id":505,"user_id":1,"is_guest":0,"slug":"admin_yjdstq4n","display_name":"Cybersecurity Journalist Iain Fraser","avatar_url":{"url":"https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2024\/10\/index_image440-removebg-preview.png","url2x":"https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2024\/10\/index_image440-removebg-preview.png"},"0":null,"1":"","2":"","3":"","4":"","5":"","6":"","7":"","8":""}],"_links":{"self":[{"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/25267","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/comments?post=25267"}],"version-history":[{"count":7,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/25267\/revisions"}],"predecessor-version":[{"id":25403,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/25267\/revisions\/25403"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/media\/25268"}],"wp:attachment":[{"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/media?parent=25267"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/categories?post=25267"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/tags?post=25267"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/ppma_author?post=25267"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}