Trust in employees dwindling

Apricorn has published findings from global research into the security and storage of data. The research uncovered that 63% of surveyed* UK and US IT Security Decision Makers expect their mobile/remote workers to expose their organisation to the risk of a data breach.

This lack of trust in employees seems justified when 55% of those surveyed* noted that their mobile/remote workers have knowingly put corporate data at risk of a breach over the last year. This has increased from the 48% of UK IT Security Decision Makers* that disclosed the lax attitudes towards data security of their remote workers in the 2023 survey. In fact, 43% in the UK (40% in the UK and US) said their mobile/remote workers don’t care about security.

Ninety-five per cent of those surveyed* in the UK and US agreed that their organisation's mobile/remote workers were aware of IT security risks and practices and followed required policies to protect the data they work with at all times. However, it would seem they may be putting a little too much faith in their ability to do so. This has increased from 58% in the UK in 2023 to 92% in 2024. Unfortunately, 73% of remote employees in the UK and US lack the skills and technology needed to keep data safe, despite being willing to comply with these security measures, and again, up from 55% in the previous year to 74% in the UK specifically.

“Organisations must bridge the gap between trust and capability to establish a robust and secure data environment. Investing in comprehensive training programs and the necessary tech to equip employees to safeguard data is crucial. Providing employees with removable USBs and hard drives that automatically encrypt all data written to them, ensures companies can give everyone the capability to securely store data whether at rest or on the move,” said Jon Fielding, Managing Director, EMEA Apricorn.

Unsurprisingly, phishing (31%) and employees unintentionally putting data at risk (30%) took the top spots as the main causes of a data breach within organisations in the UK and US, closely followed by ransomware (29%). In the UK alone, employee error has increased from 22% to 30% in the last year.

The good news is that whilst employee risk and distrust have increased, organisations are making a definite move to protect their data. When asked if their organisation has an information security strategy/policy that covers employees’ use of their own IT equipment for mobile/remote working, 47% of UK IT Security Decision Makers (54% in the UK and US) said they allow employees to use their own IT equipment remotely.

Furthermore, they control this access to systems and data through software they install. This has increased by 33% since 2023, showing businesses are clearly doing their part to lock down the use of employee devices and regain control of corporate data.

Positively, when asked if their organisation notified the ICO of a breach/potential breach since GDPR came into effect or if they were aware they had been reported by someone else, there has been a notable increase in those self-reporting. Just 14% of surveyed IT security decision makers said they had been reported to the ICO by others, down from 32% last year, with 53% saying they themselves notified the ICO, compared with 40% previously.

“Data breaches are an unfortunate reality, but it’s encouraging to see that businesses are taking proactive measures to mitigate these risks. Companies are now implementing more robust controls and investing in advanced technologies to safeguard sensitive information. Businesses have made significant strides in improving their response and reporting processes and the need for transparency and accountability when it comes to notifying regulatory authorities.

“The fact that businesses are actively working towards better data security and response mechanisms is a positive sign. It shows a commitment to evolving and adapting to the threat landscape and containing the impact of breaches to allow for a more efficient and effective recovery process,” added Fielding.