Category Archives: Data

Cybersecurity, Data

Embarrassment is Endemic as 64.5% Say They’ve Sent Work Emails to the Wrong Person

The latest Data Breach Incident Report from the Information Commissioner’s Office (ICO) revealed that misdirected emails were the number one cause of data breach incidents during Q4 2019, accounting for 20% more reported incidents than phishing attacks.

In response to these findings, we commissioned a straw poll with CitizenMe to learn more about these email errors with 300 email users in the UK and 300 in the US. Our poll found that almost two-thirds (64.5%) of respondents admitted to sending emails to the wrong recipients, with everything from confidential figures to court documents going astray. Here is what else this quick poll showed us:

Red-faced respondents say they don’t report email errors

Although 68% of UK respondents and 61% of US respondents admitted to sending work emails to the wrong recipient, anecdotal comments from those who admitted to doing this also showed that they hadn’t reported the incident to their line managers.

Anecdotal responses:

Mistake: I once sent confidential figures to a colleague in my team rather than the CEO as they both had the same first name. Outlook gave me her name as a suggestion rather than the CEO.

Did you report it: No, my colleague saw my mistake and quietly told me.              

Mistake: I sent a document for a bankruptcy to the wrong client because I mixed up two small businesses.  Both were chapter 7 bankruptcies filed around the same time and they both began with the letter A.  I accidentally sent a document that came in from court to the wrong client because I confused the two, as previously mentioned.

Did you report it: No I did not. We are small business and I apologised to the client it was sent to and advised to disregard.  Then I sent the document to the correct person.

Mistake: I emailed an excel sheet about future investment opportunities to the wrong person.

Did you report it: No, just apologised and sent it to the right receiver.

Elevated risk environment:

The ICO report and the results of our quick poll show that this is really just the tip of the iceberg.  Most email data breaches go unreported, so it’s difficult for CISOs and their security teams to fully grasp and tackle this problem. What’s more, with 60% of the UK’s workforce now working remotely, we’ve seen a 23% increase in email usage due to the pandemic.  Imagine what the true cost of misdirected emails would be if all were reported as data breaches?

In this elevated risk environment, where misdirected emails can have devastating repercussions if personal or corporate data is exposed, it is paramount that organisations provide staff with technology that stops outbound emails going to unintended recipients.

COVID-19: a catalyst for Digital Transformation

Post Covid-19 it remains to be seen what the new normal will look like, but all indications are pointing to increased remote and flexible working across the board. Organisations will then have the opportunity to distribute finances previously allocated to expensive real estate for other purposes. With remote working seemingly here to stay and email remaining the most common business communication tool, intelligent email security that prevents breaches and protected data must become a central part of organisations’ digital transformation stories.

Data, Networks, News

Why a “one-size-fits all” data management solution will never work

Martin Sugden, CEO, Boldon James explains why data management should be at the top of every organisation’s priority list

In a world where data loss is costing organisations millions of dollars in fines, there is not one organisation who should not have data protection at the top of their agenda - especially in the current climate with workers spread more remotely than ever. The trouble with the security software landscape today is that many solution providers are promising “one-size-fits-all” tools; something that on the surface can offer everything your organisation needs but are often too good to be true.

The challenges with “one-size-fits-all” solutions 

Many businesses, when observed from the outside, can appear to have similar problems that need to be resolved. However, when you really delve into their processes, almost every medium to large organisation is unique. Each will operate against slightly different regulatory frameworks and use different tools to achieve their goals. Many will have also grown, some through acquisition, or experienced growth at different times, with the result that their equipment and infrastructure is peculiar to them.

I think the biggest single failure in large corporates is that the annual budget cycle, and the need to

respond to market conditions, often makes security an afterthought. Against this background, the CISOs and CDOs are trying to combat well established would-be hackers and meet the requirements of an increasingly onerous regulatory and compliance regime. They then need to explain these issues to their senior management in order to get the appropriate funding. After all of this, you can see why there is a temptation to reach out for a labour-saving miracle cure; skipping the planning stages and going straight in with packaged products which promise the capability to do everything.

The problem with this is that they are committing large parts of their budget to a solution that can lack the bespoke tailoring needed in order to meet their specific requirements. They are also often focusing on the high-profile issues such as data theft by nation state actors (hacking) and forgetting, or ignoring, the fact that roughly 50% of data loss is leakage through human error. People simply make mistakes whilst trying to get their day jobs done under pressure, and events like COVID-19 enhance this. We are all now using tools that we may not be familiar with, and the training that is required to make sure your user community does not leak sensitive information when using them can be much more difficult when working remotely. There is a lot of sensitive information now being shared from unstructured data sources and via insecure channels; it may be going via email to a number of different people before being stored in the structured environment, such as a HR database, that it was meant for.

However, we know that any security control implemented in an organisation imposes operating constraints on the business, so the tools need to work as a whole in the exact way you need – not the way that someone thinks you should work to be worth the investment. For example, badly deployed DLP, or overly aggressive post-delivery controls, can make the organisation lose faith in the solution and make you roll back even the sensible controls you have in place.

GDPR mandates Security by Design

The GDPR legislation in particular talks about ‘Security by Design’. Organisations need to think about and understand their business processes in order to develop a solution that meets their needs. Often, once they have done this, they realise that the multiple automated security tools they have in place do not fully meet their requirements or cannot be modified as their needs change.

By incorporating a data classification strategy, businesses are able to understand the sensitivity of their information and can treat it accordingly. According to Gartner, “Data classification policies provide an important foundation to help organisations address the handling of sensitive data. The policies should be easy to follow and flexible so that data is appropriately protected, and business is not adversely impacted.”

For example, lots of files look the same and have similar information; it is very difficult for an automated tool to tell the difference between a regional sales report, a team sales report, and a global sales report. That automated tool is going to give the reports the same label, despite the potential security implications if each one is classified in the same way. The only person able to do that effectively is the original creator of each document.

Data Governance throughout your supply chain

Another area that every organisation needs to focus on more effectively, and one of the reasons why the “one-size-fits-all” automated tools really start to drop into the background, is third party risk. When sharing data throughout their supply chain, the off-the-shelf solution is not going to be suited to the environments that these companies are operating in. The problem with that is that without having some clear definition of what your data is, it can be impossible to manage it outside of your organisation.

Metadata is the usual method for storing the classification with your information, but for protection of your information, the classification must be cryptographically bound to your information (this prevents your sensitive document becoming insensitive). Also, to further simplify information sharing, the metadata cannot be bespoke to your organisation; otherwise sharing information is made more difficult with unreadable classification metadata.

Data classification is critical for business success

With the information classified and protected using a common format, the organisation can now begin to apply access control policies to control the flow of information throughout the entire network. Who needs access to the information, the location of the user, the type of device they are using are all factors that may affect whether a user has access to the sensitive project documents.

When it comes to data protection and security within your organisation, the solution you choose is going to have multiple touchpoints with business processes and productivity tools. Therefore, when looking at building your security ecosystem, you are going to want a wide range of complementary security and data management solutions to avoid having a serious mess to resolve at some point. And remember, “Sometimes buying the cheapest thing is the most expensive route”.

Data, Law, News, Technology

Will The International Datacentre Sector Survive The 14 Day Quarantine?

Stephen Whatling, Chairman at BCS, considers the impact a 14 day quarantine period could have on the datacentre sector

The latest proposals by many countries, including the UK, to implement a 14-day quarantine period for people arriving from overseas has divided the UK between those that think it should have been sooner and others that see their hopes of a summer holiday disappear. There is however no doubt that it will have a major impact on the data centre sector which relies heavily on highly mobile staff with specialist expertise. And this is at a time when demand for capacity has never been higher and resilience is vital.

There is some good news as it seems that data centre operatives will be allowed to travel to and from the UK without having to quarantine on their return as the UK government advice gives exemption to ‘persons involved in essential maintenance and repair of data infrastructure required to reduce and resolve outages, or in the provision of goods and services to support these activities’. However different countries have different quarantine rules and there is no standardisation, even within Europe.

And this is only part of the issue. The availability of flights will probably remain an issue as airlines decide upon their economic models but are inevitably going to be more expensive as they won’t be at capacity. This may well prevent essential cross-border journeys that data centre specialists regularly make to provide much needed service and maintenance.
All of this is of course exacerbated by the well documented skills shortage which means that our sector often relies upon being able to move a small group of uniquely skilled experts between datacentres and construction sites in different countries. This skills shortage will get worse before it gets better. Many graduate vacancies and apprenticeship schemes, both vital in the ongoing provision of skilled data centre staff, have been put on hold until the future is clear. This delay in recruitment, training and provision of engineers will further slow the development of new capacity.

There are other practical considerations too. In the early days of the Pandemic we had people travelling to sites in Europe and even then, finding hotel accommodation was difficult despite the key worker status our team have purely because most hotels were closed. Those that were open didn’t have any restaurant facilities and even getting there was difficult as taxis were hard to find. These challenges are likely to continue certainly in some countries for many months.

There was a strong need for additional capacity even prior to the Coronavirus pandemic and key players, like Microsoft, were already looking to add capacity before the pandemic. During the lockdown many projects that are in design and preconstruction have continued and at BCS it has been business as usual for this part of our operation as well as our consultancy activity.

For example, we have just completed a fascinating piece of work for a company looking to invest in a significant facility in Asia. Obviously, we had to do the work remotely but were able to provide clear guidance and the project has been given the green light. However, any project management would always be done on site and the quarantine restrictions will likely affect the ability for contractors to complete these projects on time and within budget. This in turn could cause problems around contractual obligations (see factsheet from Conexus Law at www.conexuslaw.com).

In conclusion, in recent years the data centre industry has proven itself to be agile, forward thinking, adaptable and perhaps most of all resilient. So whilst the Covid -19 pandemic is by far the biggest challenge we have faced so far I am confident that we are up to the job.

Data, European News, International News, Technology

BCS Resumes Work in Italy’s Red Zone

Business Critical Solutions (BCS), the specialist services provider to the international digital infrastructure industry, has resumed work overseeing a major datacentre construction project in Italy’s red zone.

The project is located in Bologna, the capital of the Emilia-Romagna region in Northern Italy. It involves the construction of a 15,000 square meter 10-Megawatt datacentre facility. Despite being awarded ‘essential status’ by the Government, work on the project, which is at the civil engineering stage, halted on 13th March due to the Covid-19 pandemic which was particularly prevalent in the area. The site has now re-opened with strict new operating procedures designed to ensure the safety of the workforce. Measures include social distancing, increased sanitisation and staggered shift start and finish times.

Chris Coward, Head of Project Management for BCS, said:

“We are still facing issues around getting the right number of workers onsite due to continuing restrictions on travel across regions and many of the materials we need, such as concrete and steel, are sourced from the neighbouring Lombardy Region. We are committed to getting this project done but our major focus is on keeping people safe.”

Coronavirus, Cybersecurity, Data, News, Technology

Redscan reveals the most Googled cyber security and technology trends during COVID-19 pandemic

Redscan, the managed threat detection, incident response and penetration testing specialist, has released an analysis of the most searched security and technology terms during the COVID-19 pandemic. The findings demonstrate the technology priorities of UK businesses, the potential security threats they face, and the extent to which many were unprepared for such an event.

Key findings, based on Google Trends global search history data, include:

Coronavirus-related phishing scams are currently more searched for in the UK than those linked to many big brands, including Apple and Amazon. HMRC phishing scams were also widely searched for, coinciding with the introduction of unprecedented financial support for employees and businesses most affected

Searches for “Business continuity plan” saw a huge spike between 8-21st March 2020, significantly higher than any other time in Google’s history – revealing the extent to which the pandemic has triggered panic amongst businesses, many of which would not have had such a plan in place

Search interest in “remote working”, “collaboration tools and “remote access” reached record highs in March, as organisations sought solutions to facilitate employee home working.

“VPN” searches also saw a significant spike in March. Since 8th March, VPN is more searched for in the UK than Chancellor of the Exchequer, Rishi Sunak, who has also seen an increased number of searches during the virus pandemic

“Antivirus” also saw increased searches in March, but searches for this term over the last 10 years remain on a steady decline

Zoom is currently the most searched online collaboration technology, ahead of GoToMeeting, WebEx, Slack, and Microsoft Teams. Despite reported security and privacy concerns (including the rise of “Zoombombing”) all these collaboration related tools generated a significant spike in online search interest during the month

“Google’s search data tells a clear story of businesses trying to adapt to remote working and related security and technology challenges of greatest concern,” said Mark Nicholls, Redscan CTO. “A spike in business continuity plan searches is hardly a surprise, but it is also troubling to think that so many are Googling the term now. It suggests that many businesses did not already have a continuity plan in place, and now is hardly an ideal time to implement one. But better late than never.

“Ensuring that employees have the tools in place to work from home has been a priority of IT teams but it’s important that organisations are vigilant about the increased security risks and put appropriate controls and processes in place to mitigate them – such as ensuring that cloud platforms are appropriately configured and monitored.

“At this moment, search traffic is so high for COVID-19-related phishing scams that it exceeds search volumes for phishing attacks imitating major brands like Apple. Cybercriminals are treating the pandemic as a unique opportunity to target remote employees, who may be more vulnerable to social engineering away from the protection of an office network. During this difficult time, employee cyber awareness training and proactive network and endpoint monitoring are more important than ever.”

Data, News

Keysource Appointed to NEUPC Framework

Keysource, the data centre specialist, has been appointed to the North Eastern Universities Purchasing Consortium (NEUPC) Framework for the provision of Data Centre Management equipment and Infrastructure for a further four years. With a relationship which dates back to 2010, Keysource is now one of the most experienced companies on the framework and is able to offer its full range of its service from consultancy through to delivery and ongoing management as the top ranked framework supplier.

NEUPC is one of six UK Higher Education purchasing consortia established to deliver and manage a wide range of collaborative framework agreements within the higher education sector. NEUPC’s new Data Centre Management Framework offers a broad scope of equipment, infrastructure and consultancy. The framework was designed by IT and Telecoms procurement experts from Higher Education institutions to speed up the process of data centre procurement for members and provide a supplier benchmark for services.

Richard Clifford, Senior Consultant and Head of Innovation at Keysource, said:

“We have a long pedigree of providing high performance data centre facilities to the education sector and our clients include University of Leicester, University of Exeter and Bristol University. This is our tenth year of working with NEUPC as one of their trusted data centre companies that will support the Education sector in UK.”

Paul Eagleton, Framework Manager, said:

“Keysource have been a Data Centre framework supplier since 2010 and following a high quality bid submission we are delighted to have them on board once again to support our Universities during this time of unrivalled technological change.”

Data, Technology

Meeting The Forecast Demand For Datacentre Capacity Has Its Challenges

According to a latest industry survey from BCS (Business Critical Solutions), 90% of investor and developer respondents expect to see a further expansion of their datacentre portfolio in the coming year. This ongoing increase in supply is matched by demand and provides opportunities for developers, designers and constructors.

With around half of the survey respondents expecting to increase their externally managed datacentre space within 12 months, there is also an opportunity for third party suppliers.

However, the survey identified a number of challenges that must be overcome for the demand to be met and these opportunities to be fully realised. In addition to the skills shortages in the designing, building and operation of datacentres with over three quarters of respondents foreseeing an issue, the demand for energy to power data centres is forecast to rise and increased costs pose a threat to the supply of new capacity.

Over 75% of surveyed professionals expect their levels of power consumption to rise over the next three years and four-fifths of respondents see the availability of power as the single most important factor affecting datacentre supply. This suggests that the challenge for the industry is to meet this demand in the short term, whilst sourcing long term sustainable power.

A further challenge to the supply of datacentre capacity is the increasing costs of raw materials in Europe. Around two-thirds of directly affected parties such as developers, designers and construction professionals believe that this represents a major threat to the data centre design and build process.

James Hart, CEO at BCS (Business Critical Solutions) said:

“With demand forecast to rise so sharply there is a huge opportunity for those involved in the design, build and operations activities. However, as an industry we need to collectively overcome the challenges this brings or face potentially severe consequences with demand outstripping supply and costs rising even further. At BCS we are continuing to work with our clients to design cost effective datacentres, looking for ways to optimise the use of raw materials and to improve the efficiency of datacentres thereby reducing the energy requirements.”

The Winter Report, now in its 11th year, is undertaken by independent research house IX Consulting, who capture the views of over 300 senior data centre professionals across Europe, including owners, operators, developers, consultants and end users. It is commissioned by BCS, the specialist services provider to the digital infrastructure industry.

Data, Technology

Organisations Setting up to Fail as They Struggle to Maximise Value from Their Data

Coeus Consulting, an award-winning independent IT advisory, today announced new research into the approaches organisations are using to drive value from their data. The report – Beyond Technology: How can Organisations drive Sustainable Value from Their Data Investments? – highlights that many organisations are potentially failing to realise the potential value of, or monetise their data, despite 74% acknowledging it as a key priority.

The survey found that 80% of the large organisations surveyed, believe accountability for data strategy rests with technology leaders such as IT Directors, CIOs or CTOs. Additionally, only a quarter of organisations currently elect to have a Chief Data Officer, and even less place accountability with others in the C-suite. Emphasis is being placed on speed (32%), cost (28%), and competition (30%), but less so on more fundamental underlying value, the insights it offers, or decision-makers’ ability to develop new products and services from those learnings.

According to one source, DATAVLT, only one per cent of the data companies collect is currently analysed, and they expect as many as 96% of businesses that exist today to fail in 10 years.

“Many investments in data and analytics have been started from a technology perspective with little alignment to business value or desired outcomes that can be measured against a business strategy. Businesses need a change of mind-set and approach right across the organisation, and the challenge is more than simply collecting data and making it available”, commented Richard Graham, Associate Director, Coeus.

However, the survey did find that 66% of respondents are actively trialling the use of machine learning (ML), artificial intelligence (AI), natural language processing (NLP) and automation capabilities. Yet, only 39% admit to widely using data lakes and warehousing, suggesting that organisations have either not completed these activities or are not placing enough importance on them.

“Being data-driven is an imperative for most organisations and there is a growing trend to incubate and deploy advanced analytics, but organisations need to ensure they have certain fundamental capabilities in place before trying to achieve digital transformation.

“There seems to be a motivation to be ‘AI first’, perhaps driven by the perception that most organisations are already ahead in using these capabilities, rather than getting to grips with untapped value in existing data, and how best to make use of it.” noted Graham.

The survey results highlight that there are many obstacles to overcome before companies can begin to see meaningful benefits from the data available through technology-led investments such as AI. Of the top five enterprise data bugbears, the majority are business-related: the scale and complexity of data sets (27%); governance and ownership (24%); the lack of a data operating model (19%); regulatory compliance issues (19%); and difficulty in integrating new technologies.

Organisations are facing tougher regulatory environments and when asked to express their concerns about data regulations, compliance with ethical and moral requirements was the biggest, cited by 49% of respondents. This has obvious implications for data management, analysis, and technology buying decisions, and the potential reputational and financial repercussions.

Sixteen per cent of respondents also stated that a lack of expertise and skills is a major obstacle. Whilst companies are investing in foundational skills, moving skills in-house and introducing new roles, third parties and external contractors play a key role in enabling and supplementing these organisations and will continue to do so.

When asked where organisations are seeing the biggest benefits from their data initiatives, 43% of respondents said they are in ‘improved customer insights’, while 41% identified an improved ability to take proactive, predictive decisions. Improved reporting’ also scored highly, along with better management of risk and regulatory compliance (37%). However, only 24% cited an increased ability to meet customer needs, with 20% citing a greater ability to spot future business opportunities.

In contrast, just 12% identified attracting new customers as a core motivation – the least favoured option on the list, this is despite the realisation that improved customer insight could be the biggest benefit.

“This is surprising given it’s so important in markets that are becoming hyper-competitive. Nearly every type of business is being disrupted by new players and a lack of customer loyalty, especially on new digital channels. Investing in customer insights and new product development ought to be a high strategic priority alongside consolidating market position”, said Graham.

“Being able to seamlessly integrate data and analytics into standard business and IT operations should be the goal of all organisations, to unlock value in your data and information. Businesses need to create an aligned data and business strategy that positions data as a strategic asset, and prioritises resources to integrate data management and analytics effectively”, Graham concluded.

You can view the full report – How can Organisations drive Sustainable Value from Their Data Investments? here.

Cybersecurity, Data, Midlands News

23% of Midlands workers who mishandled sensitive information lost their job

Office workers in the West Midlands have experienced the most serious consequences from the mishandling of sensitive information at work, with nearly a quarter (23 per cent) admitting to having lost their job as a result of their mistake.

The national survey, commissioned by information security specialist Shred-it, found that 13 per cent of workers in the West Midlands had made a catastrophic error at work by leaving sensitive information lying around or losing something important.

Furthermore, 42 per cent of West Midlands-based workers admitted that their company had lost money or customers as a result of their losing private or sensitive information, compared with 25 per cent in the North West, 36 per cent in the North East and 26 per cent in the South West.

When asked if they had reported the loss of sensitive data to their company, 23 per cent of West Midlands workers said they had, whereas this figure was higher in other key regions, including 35 per cent in the North West, 38 per cent in the South East and 55 per cent in London.

The research also looked at the most common workplace errors, and revealed that 30 per cent of workers in the West Midlands had copied in the wrong person to an email, while 38 per cent had left their computer screen unlocked while they were away from their desk, leaving them and their company exposed to a potential data breach.

Ian Osborne, VP UK & Ireland for Shred-it, commented:

“This survey shows the different attitudes to handling sensitive information at work and when travelling to and from the office between workers across different regions of the UK. It is interesting to see that nearly a quarter of workers from the West Midlands had experienced the most extreme consequence of losing their job as a result of mishandling sensitive information at work.

“It’s all too easy to leave a laptop open without password protection or to throw sensitive documents in the bin, however these seemingly small errors can have serious repercussions, both for companies and their employees, no matter where they are located, potentially resulting in hefty fines or – as we have seen – even job losses.

“Companies must have strict policies on data protection that are communicated clearly to all employees and updated whenever necessary, to avoid potential breaches and to ensure compliance at all levels. Data protection is an important element to all businesses and one that cannot be ignored.”

For more information about Shred-IT, who authored the survey, please visit https://www.shredit.co.uk/en-gb/home

Brexit, Cybersecurity, Data, News, Technology

Data Privacy & Cyber Security are top Brexit countdown worries for UK Business Leaders

Technology issues are now seen to be the biggest threat to business continuity in a post-Brexit world, according to new research conducted among UK business leaders commissioned by ThoughtWorks.

Feeling exposed to – and unprepared for – a range of pressing data safety and cyber risk issues (33%) was a greater concern for 2020 than a range of specific Brexit challenges – such as the weak Pound (24%), supply-chain disruption (20%) and the employment of EU citizens (22%).

With Michel Barnier urging UK businesses to safeguard themselves against cyber threats in the run up to Brexit[1], ThoughtWorks – the global software consultancy – asked 1,022 British businesses which perceived threats to business continuity post Brexit they were not fully prepared for. Overall, 82% of firms identified one or more threats to business continuity as a result of Brexit, a view that was consistent across all sectors and major cities.

Of the 33% of business leaders that mentioned tech worries, the specific areas of concern comprised of:

● changes to the transfer of personal data between the UK and the EU (54%);

● vulnerability to cyber-attacks (42%);

● changes to the storage, purpose and processing of customer data (30%).

These findings come less than 18 months after GDPR was introduced, which has been followed by a series of widely-publicised data breaches involving major brands. Indeed, the survey suggests data safety becomes a bigger issue the larger the business. The larger companies polled were more than twice as likely than small businesses to see tech issues – including cyber-attack risks and data safety – as the biggest threat to business continuity in post-Brexit Britain (47% compared to 22%)[2].

Beyond tech fears, there were a number of additional financial and operational concerns for businesses in adjusting to the prospect of Brexit. Financial issues included the falling value of the Pound (24%) and disruption to flows of capital or changing investor appetite (14%). In terms of operational issues, many foresaw disruptions to their supply chain as a threat to business continuity (20%), whilst other business leaders were worried about access to talent – specifically, the employment of EU citizens in the UK – and UK citizens in the EU (22%).

Whilst London is often seen to be at the centre of Brexit debate, the ThoughtWorks research canvassed business leader opinion across the UK, listening to decision makers from more than 10 of the country’s biggest cities. The results show that whilst across all cities business leaders were uniformly worried about risks to business continuity, technology issues were a particular concern in England’s three biggest cities – London (44%), Manchester (39%) and Birmingham (38%).

Specific city highlights:

● Edinburgh businesses were the most likely to say they were concerned about exposure to cyber-attacks (25%). Beyond tech issues, firms in Edinburgh were also highly likely to worry about the prospect of economic protectionism and trade wars after Brexit (25%).

● London businesses were also worried about cyber security after Brexit (24%) but were slightly more likely to be concerned over changes to the storage, purpose and processing of customer data after Brexit (25%).

● More than a third of Glasgow firms (35%) forecasted tech issues as the biggest threat to continuity after Brexit – with nearly a quarter worrying about the safe storage of data (24%). Glasgow businesses were also the most likely to worry about storing data safely compared to any other UK city (21% Vs. national average 12%).

Every sector – except for the retail sector – saw data and cyber-related issues as the biggest threat to business continuity after Brexit. The import and export of goods slightly tipped the balance for businesses in the retail sector (36% vs. 35%). However, for all the other sectors surveyed, tech issues topped the Brexit worry list – with the public services sector coming top at 47%.

Other sectors where business leaders were particularly worried about the impact of tech-related threats to business continuity included; media and tech (40%); financial services (37%); retail (35%) and manufacturing (33%).

Jim Gumbley, Head of Cyber Security, ThoughtWorks UK commented:

“After a period of unprecedented economic and political uncertainty, we wanted to ask businesses around the UK how prepared they felt for the key operational, financial, regulatory and tech issues that could result from Brexit. Whilst data security and cyber risks were seen as top concerns, it is important to stress that they are no longer just tech issues. Given what’s at stake for businesses, in terms of revenues, brand equity, trust and reputation, security and processes surrounding data need to be factored into the highest levels of corporate strategy.

“Whether UK businesses are pursuing their own development initiatives or investing in tech-driven start-ups, data security must be factored in from the get go. From our London and Manchester offices, ThoughtWorks is helping major brands spanning a range of industry sectors to put data and security at the heart of their thinking and to develop a culture of innovation and agility so they can go towards change and market uncertainty .”