Only half (52%) of Irish office workers are confident in their ability to identify phishing attacks, and one in five (19%) admit to entering sensitive business data, like customer details and financial information into free, unsecured AI tools.

While some 65% of Irish office workers receive training either quarterly or annually, 10% have never received cybersecurity training, highlighting a real gap in organisational preparedness. The research also reveals that the vast majority of those surveyed (87%) have encountered suspicious messages at work. With impersonation attacks on the rise, 36% report receiving an email or text message impersonating a co-worker.

Jacky Fox, senior managing director at Accenture Cybersecurity, said: “These findings highlight the evolving nature of cyber threats in the age of AI and the urgent need for businesses to address gaps in training, tools, and reporting culture. While 52% of employees feel confident spotting phishing attempts, it only takes one person to be deceived for an attack to succeed, and human error remains the leading cause of breaches.

“Our research also reveals a lack of clarity on responsibility, with employees split between whether cybersecurity is their job or IT’s. This mindset treats security as a technical issue rather than a core part of business resilience, leaving organisations exposed when attacks disrupt operations, reputation, and trust.” 

 Meanwhile, further findings from Accenture’s Irish office-based survey reveal that while reporting culture is strong overall, with 77% of office employees likely to report a phishing attempt, 46% say they are unsure of what to do if they were to receive suspicious messages.

Furthermore, 56% of those surveyed selected reasons that may discourage them from reporting a phishing or deepfake attack at work. These include not believing it’s serious (21%) not knowing who to report to (20%) and fear of being blamed (15%).

Responsibility for cybersecurity is also unclear. The research shows a near-even split between those who believe office workers (48%) are responsible for preventing cyberattacks and those who think it’s the job of IT professionals (42%), highlighting a lack of clarity and shared accountability.

“When it comes to cyber concerns, AI-driven phishing emails top the list for Irish office workers at 47%, followed by identity theft through AI misuse at 34%,” notes Jacky Fox. “Deepfake threats are also a major worry, with 32% concerned about impersonations of their own likeness and 31% about deepfake videos impersonating leaders or executives.

“With AI-driven phishing and deepfake threats on the rise, businesses must prioritise training and foster a culture of shared accountability to stay protected.”  

To help address these challenges and gaps, Accenture has identified three key actions for Irish organisations to strengthen resilience and empower office workers:

Boost worker confidence in responding to threats: With only half (52%) of Irish office workers confident in their ability to identify phishing attacks, organisations need to prioritise clear and open communication to foster a culture of reporting. This includes having well-publicised reporting channels and straightforward guidance, so office workers know exactly what to do when they encounter suspicious activity.

Equip office workers with practical skills: Upskilling is critical. Beyond basic awareness, organisations should invest in interactive training that simulates real-world phishing and deepfake scenarios. Regular updates on emerging risks, especially those involving AI-generated content will help office workers stay informed and prepared. With 79% of employees now using, or planning on using AI tools at work, practical guidance on using AI safely — and recognising when it’s being exploited — is vital to strengthening defences.

Foster a culture of shared responsibility: Cybersecurity works best when it’s a team effort. Encouraging peer accountability and recognising proactive behaviours, such as early reporting, reinforces the idea that protecting digital assets is everyone’s responsibility.