Not the ones carrying the most sensitive data, surely?
British finance and human resources departments are more likely to be tricked by phishing emails than other sections, according to a report by security firm McAfee.
Participants in the company’s phishing quiz were asked to pick scam emails from a selection of messages, with the above departments only successfully identifying scams around two-thirds of the time.
Raj Samani, EMEA chief technology officer at McAfee, said: "As highlighted by our latest report, phishing continues to pose significant security risks for businesses and consumers alike.
"More worryingly, perhaps, is the lack of education around how to spot a phishing email amidst the many emails we’re sent on a daily basis."
Research and development workers in the UK were the most successful at determining which emails were legitimate, doing so 77% of the time.
The most convincing scams made use of spoofed email addresses mimicking those of real companies, such as delivery service UPS or messaging service eFax.
Samani added that phishing comprises a small portion of the threats facing organisations, and urged companies to take a proactive approach to cyber security.
"Prevention is the way forward if we are to truly combat the array of threats we’re seeing appear on a daily basis," he said.