Laptops lost by remote workers returning to the office are a bigger financial threat to British industry than ransomware hackers, according to new figures.
Data assembled by Cisco Systems shows that businesses were fined a total of £26m after employees mislaid their work-issued laptops and phones.
Over the last two years the Information Commissioner’s Office received more than 3,000 reports of lost devices that contained personal data.
Companies whose staff lost laptops and phones contain customer information are much more likely to be fined than businesses targeted by ransomware criminals.
Yet over the same period just one business, a law firm, was fined for security failings that allowed a ransomware attack to take place.
Martin Lee, a technical lead for cyber security with Cisco, said that office staff getting to grips with returning to regular commuting could be causing a rise in lost or stolen devices containing sensitive corporate information.
He said: “Going to the office might not be an everyday routine any more, where you put your laptop in your backpack and get in the car and drive off, or get on the bus.
“With remote workers travelling between locations, they're carrying their laptops with them as working practices have changed.”
“Leaving your laptop, in the bus, in a cafe, having it stolen or something is entirely predictable.”
Data protection laws say that if an employee loses a device containing or capable of accessing personal data of customers or suppliers, the loss must be reported to the ICO.
Ransomware has been named as one of the top cyber threats facing the UK by Lindy Cameron, the chief executive of the National Cyber Security Centre.
Ransomware is a type of computer virus that scrambles files. The criminal gang deploying the virus contacts the victim and demands payment in return for unscrambling the files.
In March this year the ICO fined Tuckers Solicitors £98,000 for failing to “implement appropriate technical and organisational measures” on its computer networks to shut out ransomware hackers.
Online criminals broke into the London-based criminal law firm’s systems and stole thousands of files, some of which were later dumped online for anyone to read.