Cifas Data Exposes Scale of Insider Credential Selling Among UK Workers

A survey by UK fraud prevention organization Cifas has identified a significant willingness among employees to sell corporate access credentials. The Workplace Fraud Trends report found that 13 percent of respondents either sold company login details in the past year or knew someone who had. The same proportion—13 percent—believed that selling access to company systems was justifiable, though the report did not detail the justifications cited.

Cifas flagged the findings as evidence of a worrying shift in attitudes toward insider-enabled fraud. The organization noted that leadership positions correlated with higher tolerance for selling credentials, raising concerns about the integrity of employees with the greatest system access. The report did not isolate a precise figure for non-management staff who viewed credential selling as justified, but the data suggested that perceived acceptability increases with organizational power.

The survey signals elevated risk for organizations relying on traditional perimeter-based security models. Insider threats operating with legitimate credentials are harder to detect than external attacks, and the normalization of credential trading compounds that challenge. Cifas warned that leadership teams should treat the attitude data as a priority concern, particularly where access to sensitive financial, customer, or intellectual property systems is involved.