Only a third of companies require two-factor authentication on user accounts.

According to the DCMS Cyber Security Breaches Survey 2022, this figure is 37% for businesses and 31% for charities.

This means that around two-thirds of organisations do not have rules for two-factor authentication.

Since this security measure does not exist, employees cannot use it, leaving their user accounts vulnerable to cyber attacks and hacking.

Whereas two-thirds of companies in the information and communication technology sector have a policy for 2FA, less than one in five companies in the food and hospitality sector have rules for 2FA.

Other industries with low 2FA adoption include utilities, production, and manufacturing. Their inability to adopt 2FA protection makes these critical infrastructures easy targets for cyber attacks.

“It is vital that every organisation takes cybersecurity seriously as more and more business is done online and we live in a time of increasing cyber risk. No matter how big or small your organisation is, you need to take steps to improve digital resilience now and follow the government’s free government advice to help keep us all safe online,” cyber minister, Julia Lopez.