Trust in employees dwindling

More than 60% of security decision makers expect employees to put corporate data at risk of a breach, according to Apricorn research.

  • Wednesday, 19th June 2024 Posted 4 weeks ago in by Phil Alsop

Apricorn has published findings from global research into the security and storage of data. The research uncovered that 63% of surveyed* UK and US IT Security Decision Makers expect their mobile/remote workers to expose their organisation to the risk of a data breach.

This lack of trust in employees seems justified when 55% of those surveyed* noted that their mobile/remote workers have knowingly put corporate data at risk of a breach over the last year. This has increased from the 48% of UK IT Security Decision Makers* that disclosed the lax attitudes towards data security of their remote workers in the 2023 survey. In fact, 43% in the UK (40% in the UK and US) said their mobile/remote workers don’t care about security.

Ninety-five per cent of those surveyed* in the UK and US agreed that their organisation's mobile/remote workers were aware of IT security risks and practices and followed required policies to protect the data they work with at all times. However, it would seem they may be putting a little too much faith in their ability to do so. This has increased from 58% in the UK in 2023 to 92% in 2024. Unfortunately, 73% of remote employees in the UK and US lack the skills and technology needed to keep data safe, despite being willing to comply with these security measures, and again, up from 55% in the previous year to 74% in the UK specifically.

“Organisations must bridge the gap between trust and capability to establish a robust and secure data environment. Investing in comprehensive training programs and the necessary tech to equip employees to safeguard data is crucial. Providing employees with removable USBs and hard drives that automatically encrypt all data written to them, ensures companies can give everyone the capability to securely store data whether at rest or on the move,” said Jon Fielding, Managing Director, EMEA Apricorn.

Unsurprisingly, phishing (31%) and employees unintentionally putting data at risk (30%) took the top spots as the main causes of a data breach within organisations in the UK and US, closely followed by ransomware (29%). In the UK alone, employee error has increased from 22% to 30% in the last year.

The good news is that whilst employee risk and distrust have increased, organisations are making a definite move to protect their data. When asked if their organisation has an information security strategy/policy that covers employees’ use of their own IT equipment for mobile/remote working, 47% of UK IT Security Decision Makers (54% in the UK and US) said they allow employees to use their own IT equipment remotely.

Furthermore, they control this access to systems and data through software they install. This has increased by 33% since 2023, showing businesses are clearly doing their part to lock down the use of employee devices and regain control of corporate data.

Positively, when asked if their organisation notified the ICO of a breach/potential breach since GDPR came into effect or if they were aware they had been reported by someone else, there has been a notable increase in those self-reporting. Just 14% of surveyed IT security decision makers said they had been reported to the ICO by others, down from 32% last year, with 53% saying they themselves notified the ICO, compared with 40% previously.

“Data breaches are an unfortunate reality, but it’s encouraging to see that businesses are taking proactive measures to mitigate these risks. Companies are now implementing more robust controls and investing in advanced technologies to safeguard sensitive information. Businesses have made significant strides in improving their response and reporting processes and the need for transparency and accountability when it comes to notifying regulatory authorities.

“The fact that businesses are actively working towards better data security and response mechanisms is a positive sign. It shows a commitment to evolving and adapting to the threat landscape and containing the impact of breaches to allow for a more efficient and effective recovery process,” added Fielding.

Schneider Electric launches five new certifications

Posted 11 hours ago by Phil Alsop
EcoXpert partner program enables certified partners and valued customers to access to global skills development ecosystem for competency training...

A day of cutting-edge data storage insights

Posted 12 hours ago by Phil Alsop
Backup and data recovery trends, flash storage innovations, the use of cutting-edge AI in virtual machine environments and more were at the heart of...

Cubbit raises $12.5m

Posted 12 hours ago by Phil Alsop
LocalGlobe and ETF Partners co-led the $12.5M raise (approx. €11.6M or £10M).

Netscout expands IT observability

Posted 12 hours ago by Phil Alsop
New Business Edge Observability supports comprehensive performance management for networks, applications, and user experience to mitigate risk and...

Next-Gen MDR

Posted 1 day ago by Phil Alsop
MDR pioneer and validated leader delivers the fastest detection, investigation and response across all attack surfaces; service partners join in...
AI-powered features to provide forecasts and recommendations to future hosting cities.
ManagementStudio has introduced its Engage programme for channel partners to deliver to their customers. The Engage Assessment Programme enables...
New cloud, security, AI – integrated product innovations let the machines do the work to elevate human potential.