News & Resources

Technology Sector Data Breach Statistics 2020

  • Posted on

Our data breach investigation goes deeper, as we share the sector specific data breach statistics from office workers across the UK, starting with the technology sector.

You may remember our data breach survey from late October 2020. It revealed some shocking statistics about the ways in which companies dealt with the added data protection pressures during the pandemic. Specifically, it demonstrated that companies were simply not doing enough to protect their client and company data whilst working from home.

Our survey questioned office workers throughout the UK from various job sectors and we found that, while there were some general trends across all sectors, there were a number of key areas where some sectors were definitely doing worse than others.

So, how did the technology industry do?

Considering the links between technology and cyber security, you might expect those in the tech sector to do better than average when it comes to GDPR and data protection. Unfortunately, the stats tell a different story showing that, in many ways, tech companies are behind the curve on this important issue.

Key Technology Sector Data Breach Statistics 2020

Before we dive into the details of the survey results, we wanted to first pick out the headline stats to demonstrate how the UK tech sector is doing overall in terms of data protection. Overall:

  • 52% of companies in the tech sector have experienced a data breach.
  • 48% of tech employees said their company had experienced over 20 data breaches a year.
  • 42% of tech companies have received a claim for compensation due to a data breach.
  • 73% of tech companies don’t have both encryption and password protection in place at work.
  • 15% of those in the tech industry haven’t received GDPR training.
  • 38% of tech sector employees are not disposing of documents safely.
  • 13% of those in the technology sector don’t seek ICO guidance, and 17% don’t know what the ICO is.
  • Overall, 39% of tech employees said their companies were not doing enough to protect their client and company data.

But how does this compare to the average across all sectors? Read on for a comparison of how the tech sector does on key issues related to GDPR and data protection.

How the Tech Sector is Doing with GDPR, Data Protection and Data Breaches Compared to the Average

The Tech Sector Suffers More Data Breaches than Average

To get an idea of how the tech industry deals with GDPR generally, let’s take a look at the past data breach statistics for the sector.

We started by asking our data pool whether their company has been affected by a data breach. 52% of those in the tech sector said yes, they had, compared to the average of 45% across all sectors.

We then asked our survey participants how many data breaches their company faced every year. In the tech sector, 48% said their company had experienced over 20 breaches a year; higher than our survey average.

Our survey also showed that, as a result of these breaches, 42% of tech companies have received a claim for compensation. Clearly, this industry has a long way to go before they’re protecting their company and client data as best as possible.

The Technology Sector is Ahead of the Curve on Data Breach Preventative Measures

We then asked our pool what preventative measures they had in place to avoid a data breach.

Avoiding a breach is paramount in order to maintain customer loyalty and brand image, as well as reduce expenditure in the long-term. However, it was pretty shocking to see the lack of data protection infrastructure in place to avoid this amongst the technology sector:

Tech Sector Doing Well with Staff Training

We started off well, with the tech sector receiving one of the highest percentages in terms of staff training at work. In fact, only 15% of those in the tech industry hadn’t received training, compared to the average across all sectors of 21%.

This is great to see, especially considering over 90% of data breaches occur due to human error. At Hayes Connor, we believe it is a lack of education and knowledge on the potential dangers of mishandling of data that are the cause for these errors. Staff training is a major way to avoid this.

Tech Sector Above Average with Regulatory Action

We also discovered that only 7% of companies within the tech sector didn’t have a Data Protection Officer, which was pretty much the average value across all UK office workers. This definitely demonstrates a willingness to manage GDPR, which is further shown through the regulatory measures tech companies have put in place to limit breaches.

As you can see from the table below, those within this sector actually made an above average effort, in most ways, to avoid a breach:

 

Regulatory Action After Breach Average Amongst Sectors Technology Sector
Yes 71% 79%
More staff awareness and training 22% 30%
Installing new protection software 27% 28%
Cutting off unsecure suppliers 25% 27%
Increasing budget for GDPR 21% 40%
Bringing in a cyber security specialist 26% 26%
Providing team with work laptops 22% 27%
Providing secure passwords for new employees 20% 27%
Setting up multi-factor authentication on systems and log-ins 31% 35%
Making sure all work PCs go to sleep automatically after period of time 24% 40%
Installing malware security software on all computers 25% 35%
Contacting correct organisation when noticing suspicious activity 28% 28%
Making sure company works on secure network, e.g. a VPN 26% 31%

 

That being said, just because companies within this sector are “above average”, that does not mean they are doing well. For example, after a breach, 70% surveyed in the tech sector didn’t introduce more training or awareness for staff and 72% didn’t contact the correct organisation when noticing suspicious activity, despite having previously experienced a data breach.

In an ideal world, we would hope to see each and every one of the above stats at 100%. Without these measures being put in place, companies are exposing their clients to more and more data risks day in and day out.

Unfortunately, these stats show that those in the tech sector are exposing their clients to data breaches every day.

Tech Sector Not Seeking Enough GDPR Guidance

When asked if their company was doing all they can to keep company and client data safe, 39% within the tech sector admitted their company could be doing more. Although this compares positively with the average of 43%, it’s still shocking to hear that over 1/3 of tech employees feel their company could be doing more.

From the regulatory measures above, it’s very clear to see that these 39% of people are correct. In fact, only 27% of those within this sector have both encryption and password protection in place on their work PCs, compared to the 31% average across all sectors. This is a worrying statistic, considering human error plus lack of cyber security measures is a recipe for disaster.

When it came to seeking ICO guidance, those in the tech sector did marginally better. In fact, 13% said no, their company didn’t seek this help compared to 19% across all sectors. However, shockingly, 17% of those questioned didn’t even know what the ICO was, with a number of these people holding senior positions.

Clearly, there’s still a lot more GDPR education required before customer and client data is shielded from prying eyes.

Tech Sector Not Disposing of Sensitive Documents Appropriately

One of the most shocking statistics we came across in the write-up of our original survey was that nearly 2 in 3 employees who printed documents at home admitted to putting these documents in their bins without shredding them. Included in this group were 38% of those in the tech sector, beating the average by a couple of percent; not much to boast about.

Although this might not seem like a huge risk, disposing of documents in this way leaves them open to being seen by passers-by. At Hayes Connor, most of our claims are caused by human error, including leaving documents where they shouldn’t be. So, if those in the technology industry want to avoid being another statistic, not shredding documents is a big no.

Transition to Working from Home in the Technology Sector

We also felt it was important to assess how well UK office workers felt their companies transitioned to working from home during the first lockdown in March 2020.

Lockdown was the prime opportunity for malicious hackers to get hold of exposed data, and infiltrate systems due to a lack of software. It was also the prime time where human error would have been more likely than ever.

Because of this, we would have hoped to see employers providing their employees with the software and means to work from home effectively. We would have also hoped to have seen more emphasis being put on data protection through training. That wasn’t exactly the case.

Working from Home Measures in the Tech Sector at the Start of Lockdown

For those in the tech sector, only 44% of people said they felt their company was quick to ready their employees to work from home. This compared to the average of 46% across all sectors.

However, on closer inspection, it looks as though tech companies did marginally better than the average sectors across the board in terms of working from home measures:

  • 12% of tech workers were not provided with the equipment/software to work from home effectively, compared to the average of 16%.
  • 16% of tech workers were not working from home on a secure network when lockdown hit, compared to the average of 24%.
  • 24% of those working from home were using a personal laptop, which are much less secure than work laptops, compared to the average of 29%.
  • Out of the people using a personal laptop to work from home, 13% of these people within the tech sector were not set up with the appropriate software to work from home safely, compared to the average of 16%.
  • 56% of those using a work laptop also used it for personal use, leaving work documents much more open to malicious intervention, compared to the average of 46%.
  • 35% of tech workers said they’d been provided with “a lot” of data protection guidelines to work from home effectively compared to the 28% average.
  • Meanwhile, 46% said they’d had some, and the final 19% said they hadn’t really had any.

As you can see, the tech sector did a little better than the average sectors in terms of implementing working from home measures. That said, the percentages are still not what we would expect to see; we would hope to see every percentage as low as possible.

Clearly, tech companies still have a long way to go before they’re securely dealing with company and customer data.

Working from Home Measures in the Tech Sector by October 2020

Our survey was carried out in October 2020; 7 months into the coronavirus pandemic and working from home. However, when asked if their company had made preparations since then to protect client and company data, 47% of tech industry workers said no.

This late in the game, we would expect to see 100% of tech companies having made the necessary changes to work from home effectively. Unfortunately, this is not the case and, although this may not seem like a huge percentage without measures in place, it’s these small number of cases that will put companies at risk of a data breach.

Methodology

An online survey was conducted by Atomik Research among 2,006 respondents (197 from the tech sector) from the UK, all working in an office. The research fieldwork took place on 19th October – 27th October 2020. Atomik Research is an independent creative market research agency that employs MRS-certified researchers and abides to MRS code.

The Tech Sector Has a Long Way to Go with GDPR

As you can see, although the tech sector does better than average in terms of GDPR in some ways, they still have a long way to go. For starters, being “better than average” does not equate to doing well in terms of data protection.

To add to this, we’re assuming that the survey participants know what data protection guidelines should be in place. Ultimately, though, their answers are based on their perceptions of what “a lot” of guidelines are; in reality, they could be getting the bare minimum.

For those in the technology industry, this should be a wakeup call to make the changes to avoid a breach. Whether it be cyber security measures, or efforts to avoid human error wherever possible, these changes need to be prioritised.

If you’ve been affected by a tech company data breach, or any other company data breach for that matter, be sure to reach out to the team at Hayes Connor. Their expert solicitors are equipped to deal with the physical and emotional trauma that comes with this. So, head here for more information and to make a claim.