This research examines human behaviour leading to breaches in cybersecurity, specifically phishing exploitation and weak passwords, as they exist in organizations. The study considers the role of cybersecurity awareness and training on employee behaviours. Analysis of a self-reported survey shows that while employees generally showed awareness of cyber risks, some lacked the skills to act securely at work, such as not reporting phishing emails or mishandling sensitive email content. The research highlights the importance of ongoing cybersecurity training as well as actions of the organizations to clarify a security policy to guide employee behaviour. The data used to support the findings were self-reported, and recognizing the limited sample size prior to developing firm conclusions about the results is necessary. Future research questions could explore the influence of individual psychological and social factors (for example, depression, optimism, and overconfidence) on employee behaviour, or influence the development of secure practices within workplace behaviour.