Traliant, a leader in online compliance training, has released its latest research highlighting a persistent gap between cybersecurity awareness and practice—including risky employee habits that leave organizations vulnerable to increasingly sophisticated cyberattacks.
Based on a survey of over 600 full-time U.S. employees across various industries, the research finds that 18% of employees reuse passwords across work accounts, creating cascading risk if one account is compromised. Additionally, 23% write down passwords, only 30% use password managers, and just 46% consistently use multi-factor authentication. Nearly half (42%) have accessed sensitive company information on personal devices without IT approval, 78% say they’re not fully confident in spotting more advanced phishing attacks like deepfakes or voice spoofing, and 40% report that current cybersecurity training doesn’t feel relevant to their daily responsibilities.
“AI engineered cyberthreats have become more complex, harder to detect, and exploit employee behaviors,” says John Brushwood, compliance counsel at Traliant. “Organizations must rethink how they engage employees around cybersecurity because today’s threats are no longer a tech-only issue—they’re a human one. It’s critical for HR and IT to work together to make a measurable impact on building a stronger culture of cyber vigilance.”
The survey emphasizes the importance of equipping employees with training that is relatable, actionable and provides practical tools and real-world scenarios to build and reinforce cyber awareness — not just to reduce security risks, but to foster a culture of accountability.



