Device Theft on the Rise: A Rising Threat to Organizations with Flexible Models
A recent study has revealed that an alarming 76% of respondents have faced incidents of device theft over the last two years. This issue appears to be more prevalent in organizations that adopt flexible working models, according to findings from Kensington. The research indicates that 85% of those organizations reported theft incidents, in stark contrast to 71% of their counterparts with employees working entirely on-site.
The survey encompassed 1,000 IT decision-makers across various industries, and the results point to significant financial repercussions and productivity losses ensuing from device theft. Nearly one-third of participants noted increased insurance costs attributed to repeated device theft incidents. Furthermore, 33% faced legal or regulatory challenges due to data breaches stemming from compromised devices, while 30% incurred expenses from replacing stolen equipment. The productivity of 32% of organizations was also disrupted as a result of these thefts.
Data breaches were highlighted as the top concern among IT professionals, with 46% alleging that their organizations had experienced a breach directly linked to the absence of device security. According to the IBM Cost of a Data Breach Report 2024, the global average cost of such breaches has risen to $4.88 million, marking a 10% increase from the previous year. Among organizations that suffered data breaches due to insecure devices, 60% did not employ security locks, compared to 38% that had implemented such measures.
The study also identified the most significant vulnerabilities that senior IT decision-makers worry about, predominantly focusing on thefts of laptops, desktops, tablets, and external storage devices. Unauthorized access to company data is a concern for 43%, while 23% are apprehensive about visual hacking—instances where sensitive information is observed in public spaces. Additionally, 22% expressed anxiety over the potential loss of sensitive data through insecure home networks.
The findings indicate a strong acknowledgment of the protective role physical security measures, such as security locks, play in preventing device theft and unauthorized access. Among the respondents, 97% recognized their importance, especially as work environments transition from secure office locations to more vulnerable home office setups and public spaces. Notably, organizations utilizing security locks were found to be 37% less likely to experience data breaches linked to unsecured devices.
Consumer service and healthcare sectors were particularly impacted, with 65% and 57% of organizations respectively experiencing breaches resulting from unsecured devices. The likelihood of facing device theft incidents appears to be higher among smaller organizations, particularly those with 100 to 249 employees, at 82%, compared to 69% in larger organizations exceeding 1,000 employees. This trend underscores the disproportionate effects on smaller firms where resources are generally more constrained.
Interestingly, senior-level personnel reported a higher incidence of theft impact at 87%, compared to 67% among mid-level managers. This discrepancy raises concerns that those responsible for daily management may lack awareness of the potential risks posed by unsecured devices. In fact, 84% of senior IT decision-makers believe that security locks are a cost-effective measure for mitigating the potential for data breaches, with 42% asserting they provide significant value in preventing such incidents.
While physical security measures are essential, experts emphasize that they should be integral to a comprehensive strategy addressing security threats related to hybrid working. In navigating these evolving risks, organizations must consider a range of tactics and techniques outlined by the MITRE ATT&CK framework, including initial access, persistence, privileged escalation, and more, to bolster their overall cybersecurity posture.
