New data shows a huge disparity between the likelihood of cyberattack against U.K. organizations and their employees’ cybersecurity awareness and vigilance.

New data put out by security vendor Armis paints a rather disconcerting picture of U.K. workers when it comes to their role in aiding the organization’s cybersecurity efforts. According to Armis, although a majority of workers (60%) say they’ve personally experienced a cyberattack, only 27% of them recognize the cyber risk associated with interacting with email and the web. In addition, one in nine employees (11%) don’t care about cybersecurity at all!

What compounds this issue of users not being aware of or concerned about cyberattacks is the number one type of attack experienced by users (according to Armis): phishing. With more than one-quarter (27%) of U.K. workers experiencing phishing attacks that use social engineering to trick victims into giving up credentials, credit card data, and more, it’s imperative that users are made part of the organization’s security stance.

And given we’ve seen how U.K. workers have posed a cybersecurity risk historically, this new data is alarming.

This should be a wake-up call to business leaders and cybersecurity executives that your workers are your weakest link and your greatest risk. Workers need to be placed in continual Security Awareness Training that educates them on various kinds of cyberattacks they may face, while reinforcing their role as part of the organization’s cyber defenses.