Brits at risk of exposing their deepest secrets to hackers

New research from UK General Insurance in partnership with Cyber Aware released today has revealed that 79% of Brits surveyed keep emails in their inboxes that could be exploited by hackers for ID theft, fraud, or impersonation. Cyber Aware is warning the UK public that without using a strong and separate password for our main email account, we risk giving a wealth of information to cyber criminals that could be used against us.

Not only are we holding onto e-receipts revealing our purchase history (51%) but over a third of UK adults surveyed keep messages from loved ones (34%), store personal photos of friends, family or pets (35%) and 6% have love letters saved in their inbox. UK General and Cyber Aware are advising that this kind of information can be like ‘gold dust’ to hackers, who can use it to commit cyber crime including making phishing emails more convincing by including personal information or impersonating us or our loved ones.

Despite this, instead of ensuring our email password is secure, many of us use personal information such as our children’s or pet’s names, which can be easily found out. The data also revealed that three in 10 (30%) of Brits surveyed use the same password for their email account as other online accounts, even though this can allow hackers to access many of our other personal accounts once one is discovered.

National Cybercrime Programme Lead,  Detective Superintendent Andrew Gould from the National Police Chiefs’ Council said: “Just imagine someone posing as you and the reputational, emotional and financial damage it could do to you and your loved ones. The Cyber Aware campaign wants to make people really think about the value of our inboxes and treat them in the same way we treat treasured possessions in the offline world, by taking the simple step of having  a strong and separate email password, by using three random words and adding special characters and numbers to make it stronger. For an added layer of protection we recommend using two-factor authentication on your email  account, if available. This means your account can only be accessed with a device you have already registered.”

Alison Marriott, a victim of hacking said: “The whole experience was very distressing. Emails were being sent from my account to my contacts which I had no control over. It caused a great deal of embarrassment as there were lots of phone calls to be made to explain the situation. It was also very inconvenient and took days to sort out.”

UK General’s Head of Products, Deirdre Donovan said: “Crime is changing. Where a person’s concern once centred around traditional crimes including burglary, modern crime sees an increase in online deception scams and virtual impersonation. Anyone can become a victim of cybercrime, therefore it’s important to ensure you are protected online by using a strong and separate password for your emails.”

To help us protect our private and personal information from being exposed to hackers, Cyber Aware has released the following tips:

  1. Use a strong, separate password for your email
  2. A good way to create a strong and memorable password is to use three random words. Numbers and symbols can be used to make it stronger.
  3. Use words which are memorable to you, but not easy for other people to guess. Don’t use words such as your child’s name or favourite sports team which are easy for people to guess by looking at your social media accounts or simple substitutions like ‘Pa55word!’
  4. When available you should use two-factor authentication on your email account. It gives it extra layer of security, as it means your account can only be accessed on a device that you have already registered
  5. Don’t use public Wi-Fi to transfer sensitive information such as card details


Visit to find out more.


Detective Superintendent, Andrew Gould from the National Police Chiefs’ Council will be speaking at the inaugural Data Protection World Forum, looking at the current cyber threats, common vulnerabilities and the law enforcement response. Other speakers include:

  • Senior Representation, NCSC
  • Steve Wright, Data Privacy & Information Security Officer, John Lewis
  • Flavius Plesu, Head of Information Security, Bank of Ireland (UK)
  • Nick Turner, Senior Director, Data Protection Solutions Business DELL EMC, Solutions Business DELL EMC


Register to attend for free here

Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.

Reserve your place today and gain access to the entire event free of charge. With all sessions available to view live or on-demand, you can build a personalised agenda based on your key focus topics and make the event fit around your work schedule.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.