Research shows mobile workers put corporate data at significant risk
Apricorn has released findings from its global research into data security and storage practices, revealing that a significant proportion of corporate data is at risk due to actions by mobile workers. According to the study, 63% of IT Security Decision Makers in the UK and the US anticipate that their mobile or remote workers will expose their organisations to the risk of a data breach.
The survey results indicate that 55% of respondents believe mobile workers have knowingly compromised corporate data security within the past year, up from 48% in the previous year. Notably, 43% (40% in both regions combined) perceived that their remote workers lack concern about data security.
Although 95% of IT Security Decision Makers across the UK and US agreed that mobile and remote employees follow required data protection policies and are aware of associated risks, there appears to be a gap between knowledge and actual practice. The willingness of employees to adhere to security measures is clearly there but the research shows that 73% of these workers lack the necessary skills and technology to keep data safe, with this figure rising from 55% in 2023 to 74% in the UK in 2024.
Jon Fielding, Managing Director of EMEA at Apricorn, emphasised the importance of improving the capability to safeguard data. "Organisations must bridge the gap between trust and capability to establish a robust and secure data environment. Investing in comprehensive training programs and the necessary tech to equip employees to safeguard data is crucial. Providing employees with removable USBs and hard drives that automatically encrypt all data written to them, ensures companies can give everyone the capability to securely store data whether at rest or on the move," he stated.
The study noted that phishing (31%) and accidental data exposure by employees (30%) are the leading causes of data breaches. This is followed closely by ransomware attacks (29%). Particularly in the UK, incidents of employee error have increased from 22% to 30% over the last year.
In response to these risks, many organisations are taking steps to protect their data. Approximately 47% of UK IT Security Decision Makers and 54% across both the UK and the US confirmed that their organisations allow employees to use their own IT equipment for remote work, and they enforce access controls through organisation-installed software. This represents a 33% increase from the previous year's figures.
The research also highlighted promising trends regarding data breach notifications. A significant number of organisations have been proactive about reporting breaches or potential breaches to the Information Commissioner's Office (ICO). The proportion of self-reported breaches has risen to 53%, compared to 40% previously, while the percentage of those reported by external parties has decreased from 32% to 14%.
Fielding concluded on a reflective yet optimistic note, pointing out the progress made by businesses in improving data security, stating, "Data breaches are an unfortunate reality, but it's encouraging to see that businesses are taking proactive measures to mitigate these risks. Companies are now implementing more robust controls and investing in advanced technologies to safeguard sensitive information. Businesses have made significant strides in improving their response and reporting processes and the need for transparency and accountability when it comes to notifying regulatory authorities."
The research was conducted by Censuswide, involving 604 IT security decision-makers at large companies in the UK and the US.