How Hybrid Working Has Increased the Risk of Data Breaches


As featured in Financial IT

TransUnion Managing Director of Consumer Interactive, Kelli Fielding, and Senior Account Director of Data Breach Support Services, Mark Read, examine new research highlighting the need for UK businesses to be prepared for the growing threat of a data breach

Changes to working practices as a result of the pandemic — in particular, hybrid working or fully remote employees — have increased businesses’ concerns regarding the risk of a data breach, according to new research published in TransUnion’s recent Data Breach Support for Businesses ebook.

More than 8 in 10 UK businesses believe hybrid working increases the risk of a data breach, yet over a fifth (22%) remain unprepared if one happens, with speed of response the top concern.

In fact, nearly a quarter (23%) of business leaders cited hybrid working as their top data breach threat. This is because workers are now regularly switching between secure office environments and vulnerable home networks, and handling sensitive information on public or unsecured private networks. As a result, the risk has risen for both accidental and malicious data breaches.

Kelli Fielding, Managing Director of Consumer Interactive at TransUnion in the UK, explains: “As more staff work remotely at least part of the time, it makes it difficult to have the same security protections in place across all devices that businesses would have had previously. It also leads to more devices being transported, and therefore, lost or stolen more regularly, highlighting the threat of physical breaches is still very much present.”

Business leaders expect 43% of their workforce to be hybrid working in the coming year, bringing a far greater potential for devices and data to end up in the wrong hands. Software, such as Zoom or Teams, has been increasingly used to facilitate remote working during the pandemic. This potentially elevates risks by adding more avenues for criminals to target, and forces employees to remember more passwords, creating a greater chance of human error.

Mark Read, Senior Account Director of Data Breach Support Services at TransUnion in the UK, adds: “Working from home may also make people more susceptible to phishing attacks, which according to our own analysis, are the most common type of digital fraud related to COVID-19 globally. In fact, per the Information Commissioner’s Office, phishing attacks are responsible for nearly a quarter of UK data breaches.”[i]

The scale of the problem

Since the General Data Protection Regulation (GDPR) was introduced in May 2018, more than 32,000 breaches have been reported to the Information Commissioner’s Office (ICO), with fines worth £90m issued to UK businesses[ii]. This year alone, more than one in four UK businesses reported they’ve experienced a data breach.

Last year, data breaches in the UK were reported to have cost the impacted businesses £3.4 million on average[iii], with a fifth of businesses that experienced data breaches losing customers as a direct result.

Minimising the risks

The top priority to minimise risk is to train and communicate with staff — particularly those who are hybrid or remote working. Given that phishing accounts for half of COVID-19-related scams[iv], according to TransUnion’s Consumer Pulse data, being taken in by one of these scams is often the starting point that leads to a data breach or a company being ransomed for its data.

Almost all UK businesses saw an attempted phishing incident in the past 12 months, according to TransUnion’s new research, with almost three-quarters receiving more phishing attempts than in the previous year.

Businesses should provide approved technology which is current with the latest patches and updates, and encourage employees to be extra vigilant about opening links and attachments in emails — training them how to spot a phishing attempt.

Dealing with a data breach

Speed and clarity of response are crucial elements in retaining customers and building trust after a breach. Businesses need to have an in-depth plan in place to communicate with customers and offer them solutions that help keep them protected and provide peace of mind.

“Businesses that suffered a breach highlight costs like the expense of investigating the incident (37%) and compensating customers (28%) as the most common problems following a breach. But the long-term loss of consumer trust can be just as challenging,” said Fielding.

“Three in 10 businesses say a data breach damaged their reputation, while 19% said they lost customers as a direct consequence. By offering the right tools in the wake of an incident, businesses can give their customers the ability to detect signs of identity theft, minimising the chance of financial loss and protecting those whose data has been compromised.”

Protecting consumers and retaining trust

To protect consumers and help minimise the chance of financial loss, TransUnion’s TrueIdentity solution provides credit information alerts and dark web monitoring services to customers who’ve been affected, enabling them to spot potentially fraudulent activity and safeguard their identity in the event of a breach.

This helps protect them against identity theft as they can quickly spot any potentially fraudulent activity and take prompt action — providing confidence to consumers who may have been impacted and helping businesses retain their trust.

Be prepared

TransUnion’s research found that over a fifth of businesses said they either feel unprepared or uncertain they could respond effectively to a data breach. However, in light of the increased risks, businesses should operate in a way that assumes a data breach is likely to happen at some point. This means it’s crucial to have a robust incident response plan in place, as it could be a matter of when and not if a data breach occurs.

Read explains: “Being able to respond quickly enough was the main concern reported by unprepared businesses in our research. When dealing with a data breach, speed of response is crucial. If you plan ahead and are ready to act, it can significantly reduce the harm caused.”

In some cases, businesses will have a duty to notify the regulator in the first 72 hours and affected consumers without undue delay. Businesses need a regularly updated and tested plan in place, including measures to protect customer identities and finances.

To help minimise the risks that come with a data breach and ensure you have the right contingency plans in place, download your free copy of TransUnion’s new Data Breach Support for Businesses ebook.

Unless otherwise stated, all figures are from TransUnion’s survey of 500 UK businesses between 23 July and 2 Aug. 2021. The study spanned a wide range of sectors and ranged from small businesses of less than 50 employees to large organisations.

[i] Based on a Freedom of Information request issued to the ICO in April 2021, with data requested on the nature of data breaches since May 2018

[ii] Based on a Freedom of Information request issued to the ICO in April 2021, as above

[iii] 2021 data from IBM’s “Cost of a Data Breach” report, p14. Original figure converted from USD ($4.67m)

[iv] TransUnion’s Consumer Pulse study based on research conducted among 1,090 adults between 10–16 Aug. 2021
