A large share of UK employees have sold their corporate credentials over the past year, exposing their organization to cyber and financial crime, according to Cifas.
The non-profit fraud prevention service revealed the findings in its latest Workplace Fraud Trends report, which is based on responses from 2000 UK employees working in companies with 1000+ staff.
It found that 13% of respondents admitted selling their logins over the past 12 months, or knew someone who had.
The same share (13%) claimed they thought the act of selling credentials was “justifiable” – rising even higher for senior managers (32%), directors (36%), C-suite executives (43%) and business owners (81%).
Cifas director of learning, Rachael Tiffen, argued that selling logins can open the door to serious fraud and financial harm.
“These findings show how vital it is for organizations to build fraud‑aware cultures, where employees at all levels understand their responsibilities and the consequences of their actions,” she added.
“Counter‑fraud training plays a central role in helping staff recognize manipulation, appreciate the risks associated with insider activity, and act with integrity when handling access to systems and data.”
The Growing Insider Threat
The Cifas report highlights the growing challenge posed to corporate security teams by their own colleagues elsewhere in the business.
Malicious incidents accounted for 27% ($4.7m) of the total lost to insider risks last year, according to DTEX. On average, global organizations lost $19.5m per business to either negligence or deliberate acts like sharing sensitive data including credentials.
A 2025 Socura/Flare report revealed 460,000 compromised credentials belonging to employees at FTSE100 firms circulating on cybercrime sites.
Many of these come down not to malicious insiders but external attacks. The report’s authors found 28,000 corporate credentials in stealer logs – which on average equates to 280 per FTSE 100 company.
A separate study by KELA last month revealed the presence of 347 million compromised credentials on 3.9 million compromised machines.
These were part of an estimated 2.9 billion tracked globally in 2025.
The continued pipeline of compromised credentials into the cybercrime economy makes things much harder for network defenders, as it renders traditional perimeter defenses virtually useless.
