Home » Topics » Cybersecurity » Why staff losing laptops costs more than ransomware attacks

Why staff losing laptops costs more than ransomware attacks

Easy pickings: lost IT devices cost businesses far more in ICO fines than ransomware attacks

Avatar photoby Tim Adler

The Information Commissioner’s Office fined businesses £26m over the past two years for staff losing laptops and smartphones but only fined one company £98,000 for leaving itself vulnerable to a ransomware attack

Lost work laptops and phones have cost businesses £26m in fines over the last two years alone.

According to Cisco research, the Information Commissioner’s Office received more than 3,000 reports of lost devices which contained personal data.

Businesses were fined a total of £26m as a result.

In fact, staff mislaying their laptops and smartphones cost businesses far more in fines than cybersecurity attacks – just one business, a law firm, was fined for security failings which allowed a ransomware attack to happen.

In March this year the ICO fined Tuckers Solicitors £98,000 for failing to “implement appropriate technical and organisational measures” on its computer networks to shut out ransomware hackers.

Online criminals broke into the London-based criminal law firm’s systems and stole thousands of files, some of which were later dumped online for anyone to read.

Martin Lee, a technical lead for cyber security with Cisco, wondered if staff losing thousands of laptops and smartphones was to do with commuters unused to going back into the office post-pandemic.

Lee told the Telegraph: “Going to the office might not be an everyday routine any more, where you put your laptop in your backpack and get in the car and drive off, or get on the bus.

“With remote workers travelling between locations, they’re carrying their laptops with them as working practices have changed.”

“Leaving your laptop, in the bus, in a cafe, having it stolen or something is entirely predictable.”

If your business loses a device containing or capable of accessing personal data of customers or suppliers, the loss must be reported to the ICO under data protection laws.

Further reading:

Top 10 most disastrous cyber hacks of the 2020s so farThis article takes a look at the top 10 most disastrous cyber hacks carried out on organisations in the 2020s, so far

Combating common information security threatsWhat are the security threats most often faced by businesses today and how can they be overcome?

Establishing a strong information security policyThere are several considerations for companies creating an information security policy. So, how can organisations ensure they have a strong policy in place which reflects the needs of the business?

Avatar photo

Tim Adler

Tim Adler is group editor of Small Business, Growth Business and Information Age. He is a former commissioning editor at the Daily Telegraph, who has written for the Financial Times, The Times and the...

Related Topics

Cyber Security
Personal Data
Smartphone

Related Stories

Cybersecurity

How AI will shift the security landscape in 2024

The impact of AI within cybersecurity is expected to grow significantly this year, says Alex Holland, senior malware analyst at HP

AI & Machine Learning

NCSC releases guidelines for secure AI development

New guidance from the National Cyber Security Centre (NCSC) aims to help businesses securely innovate with AI and minimise risks

Cybersecurity

3 cybersecurity compliance challenges and how to address them

Earning those trust seals can strengthen relationships with board members and prospective customers, but it sure isn’t easy.

Cybersecurity

70% of UK firms reported cyber insurance changes in past year

According to research from Databarracks, seven in 10 UK businesses have seen changes to their cyber insurance in the past 12 months, as requirements rise