40 percent of UK firms sack staff over COVID-19 security breaches

A new report from Centrify claims almost 40 percent of UK businesses have sacked employees and more plan to ban staff from using personal devices to work from home

Posted 18 August 2020 by Christine Horton

Almost 40 percent of UK businesses have sacked staff due to a breach of company security policy since the start of the COVID-19 outbreak.

The same research from access management vendor Centrify, and Censuswide claims that almost two-thirds (65 percent) of companies have made substantial changes to their cyber security policy in response to COVID-19 and 100 percent remote working.

It follows a report earlier this month that claims that more than four in 10 organisations will take disciplinary action against staff who make cybersecurity errors.

Despite this, 58 percent agreed that employees are more likely to try and circumvent company security practices when working from home.

To combat poor security practice from employees, 57 percent of business decision makers say they are currently implementing more measures to securely authenticate employees. These include biometric data checks, such as fingerprint and facial recognition technology, and other multi-factor authentication steps when gaining access to certain applications, files and accounts.

Also, more than half (55 percent) of businesses already have, or plan to formally ban staff from using personal devices to work from home.

“With more people than ever working from home and left to their own devices, it’s inevitable that some will find security work arounds, such as using personal laptops and not changing passwords, to maximise productivity. It’s also possible that the changes in security procedures are not being communicated well to employees, and many are practising unsafe internet usage without even realising,” said Andy Heather, VP, Centrify.

SMBs at risk

Separate research issued today reveals UK SMBs are at risk of 65,000 cyber security attacks daily – with around 4,500 of these being successful.

The findings come from a new report by global recruiter Robert Walters and data provider VacancysoftCybersecurity: Building Business Resilience – which claims that the cost of data breaches to UK companies is around £2.48 million per instance.

The research shows that just 11 percent of UK businesses stated their entire workforce (at the same time) were able to work remotely pre-lockdown, this sky-rocketed to 70 percent once lockdown hit. Most white-collar firms were able to push the button on remote working in less than a week.

However, it notes that “little consideration by the government was given to the vulnerability of IT & cloud security when businesses were told they must enforce remote working.” In fact, almost half of companies (48 percent) admitted that they do not have adequate cybersecurity provision to maintain a 100 percent remote working model.

“It is predicted that the current £68 billion spend on cybersecurity will need to be doubled, at the very least, to be up to scratch with new ways of working. However, in a period of rapid, non-legislated change, the question remains about where accountability lies regarding data breaches,” it notes.