Trust in employees dwindling

More than 60% of security decision makers expect employees to put corporate data at risk of a breach, according to Apricorn research.

  • Wednesday, 19th June 2024 Posted 10 months ago in by Phil Alsop

Apricorn has published findings from global research into the security and storage of data. The research uncovered that 63% of surveyed* UK and US IT Security Decision Makers expect their mobile/remote workers to expose their organisation to the risk of a data breach.

This lack of trust in employees seems justified when 55% of those surveyed* noted that their mobile/remote workers have knowingly put corporate data at risk of a breach over the last year. This has increased from the 48% of UK IT Security Decision Makers* that disclosed the lax attitudes towards data security of their remote workers in the 2023 survey. In fact, 43% in the UK (40% in the UK and US) said their mobile/remote workers don’t care about security.

Ninety-five per cent of those surveyed* in the UK and US agreed that their organisation's mobile/remote workers were aware of IT security risks and practices and followed required policies to protect the data they work with at all times. However, it would seem they may be putting a little too much faith in their ability to do so. This has increased from 58% in the UK in 2023 to 92% in 2024. Unfortunately, 73% of remote employees in the UK and US lack the skills and technology needed to keep data safe, despite being willing to comply with these security measures, and again, up from 55% in the previous year to 74% in the UK specifically.

“Organisations must bridge the gap between trust and capability to establish a robust and secure data environment. Investing in comprehensive training programs and the necessary tech to equip employees to safeguard data is crucial. Providing employees with removable USBs and hard drives that automatically encrypt all data written to them, ensures companies can give everyone the capability to securely store data whether at rest or on the move,” said Jon Fielding, Managing Director, EMEA Apricorn.

Unsurprisingly, phishing (31%) and employees unintentionally putting data at risk (30%) took the top spots as the main causes of a data breach within organisations in the UK and US, closely followed by ransomware (29%). In the UK alone, employee error has increased from 22% to 30% in the last year.

The good news is that whilst employee risk and distrust have increased, organisations are making a definite move to protect their data. When asked if their organisation has an information security strategy/policy that covers employees’ use of their own IT equipment for mobile/remote working, 47% of UK IT Security Decision Makers (54% in the UK and US) said they allow employees to use their own IT equipment remotely.

Furthermore, they control this access to systems and data through software they install. This has increased by 33% since 2023, showing businesses are clearly doing their part to lock down the use of employee devices and regain control of corporate data.

Positively, when asked if their organisation notified the ICO of a breach/potential breach since GDPR came into effect or if they were aware they had been reported by someone else, there has been a notable increase in those self-reporting. Just 14% of surveyed IT security decision makers said they had been reported to the ICO by others, down from 32% last year, with 53% saying they themselves notified the ICO, compared with 40% previously.

“Data breaches are an unfortunate reality, but it’s encouraging to see that businesses are taking proactive measures to mitigate these risks. Companies are now implementing more robust controls and investing in advanced technologies to safeguard sensitive information. Businesses have made significant strides in improving their response and reporting processes and the need for transparency and accountability when it comes to notifying regulatory authorities.

“The fact that businesses are actively working towards better data security and response mechanisms is a positive sign. It shows a commitment to evolving and adapting to the threat landscape and containing the impact of breaches to allow for a more efficient and effective recovery process,” added Fielding.

Reimagining security for the AI era

Posted 2 days ago by Phil Alsop
New Cisco innovations address the complexities for security professionals to embrace the AI era in today’s dynamic threat landscape.
New company unites decades of experience to deliver consulting services grounded in pioneering research.

CrowdStrike unveils innovations

Posted 2 days ago by Phil Alsop
New innovations secure AI, data, identities and SaaS applications – expanding CrowdStrike’s leadership in delivering unified protection across...

Commvault and Deloitte forge strategic alliance

Posted 2 days ago by Phil Alsop
Commvault has announced a strategic alliance with Deloitte. Together, Commvault and Deloitte aim to help organisations stay ahead of evolving threats...

Sophos launches MSP Elevate Program

Posted 2 days ago by Phil Alsop
Sophos has launched MSP Elevate, a new business-accelerating program for managed service providers (MSPs). With the new program, Sophos enables MSPs...
Assured Data Protection has launched its Innovation Team—a strategic initiative aimed at expanding the company’s market-leading disaster recovery...
BlueVoyant’s Continuous Optimisation for Microsoft Security service empowers clients with enterprise-grade threat detection analytics for their...
Version 1 has been selected as digital support partner for the Digital and Data Division of the Scottish Government ARE Directorate.