What are the biggest security risks to companies turning over £10 million per annum?

What are these security threats and what can be done to mitigate them?


Businesses of all sizes, but particularly those turning over £10 million per annum, face a range of security threats, both internal and external. In addition, some of these threats are down to unintentional employee error rather than an attack from outside the business.

Regardless of the type of threat, a breach of sensitive company information can have negative legal, financial and reputational consequences.

We have listed some of the more common threats to business, and then what can be done to reduce these risks through correct internal processes.

Internal/employee security threats


According to a recent report, a huge 82% of data breaches involve a human element. Employees can pose a significant security threat to businesses, both through intentional and unintentional actions. Intentional threats include malicious activities such as:

  • Data theft
  • Sabotage
  • Espionage

These intentional actions are often motivated by personal gain, resentment, or external coercion. Unintentional threats, on the other hand, arise from human error, such as:

  • Mishandling sensitive information and data assets
  • Falling for phishing scams
  • Misconfiguring security settings

These errors can lead to data breaches, financial losses, and reputational damage. The increasing sophistication of cyber-attacks amplifies the risk, as even well-meaning employees can inadvertently become victims of scammers. Therefore, it is important for businesses to recognise these threats and implement strategies to mitigate risk.

Ongoing security training for employees is essential to fortify a business’s defence against these threats. Training programs should be regularly updated to address the common threats and state best practices, ensuring employees remain careful and informed.

Additionally, a culture of security within the organisation is crucial. This involves fostering an environment where security is a shared responsibility, encouraging employees to report suspicious activities, and promoting awareness of the potential impacts of security lapses. A strong security culture not only enhances compliance with security protocols but also empowers employees.

Careless internal data handling


Despite data showing that careless users are involved in most security incidents, they are often overlooked compared to malicious and compromised users. Teams typically implement strong defences and behavioural monitoring for malicious and compromised users but lack sufficient measures for careless users.

Human error is a leading cause of data breaches, yet careless users receive less attention due to the focus on more sensational malicious or compromised incidents.

Employees using their own devices at work


Data leakage is a significant risk when personal devices are used for corporate purposes, as data can be lost or exposed if devices are misplaced, stolen, or infected with malware. Preventative measures include mobile device management (MDM) for remote wiping, role-based access, app segregation, VPNs, and file integrity monitoring. Malicious apps, which can take control of devices and compromise data, highlight the need for user training on safe app practices and downloading only from reputable app stores.

Device management challenges grow with the loss of control when devices leave the company premises. Device infections often go unnoticed by users, emphasising the importance of up-to-date operating systems and file monitoring.

Insufficient policies can leave BYOD (bring your own device) programs vulnerable, making it important to establish comprehensive security policies covering:

  • Passwords
  • VPN use
  • Real-time updates

The mix of personal and business use on devices increases the risk of data breaches, which can be mitigated through app segregation, VPNs, and employee training.

Lastly, lost or stolen devices pose a significant threat, underscoring the need for password protection, biometric security measures, and immediate access revocation for ex-employees.

Physical asset loss or theft


According to Security Week, lost and stolen computers are an increasing concern for both individuals and organisations. The portability and high value of modern laptops and smartphones make them prime targets for thieves. When a device is lost or stolen, its data becomes susceptible to unauthorised access.

Despite significant investments in endpoint security measures, devices often fall short of organisational security expectations. This weakness has resulted in many high-profile data breaches.

Cloud applications


According to a recent article, cloud computing is not new: 66 percent of small tech companies and 74 percent of enterprises have readily embraced it due to its obvious benefits, including scalability, accessibility, and reliability.

Unfortunately, cloud platform providers — meaning the organisations that supply the infrastructure, services, and resources needed to use cloud computing — are not as secure as they could be. In a recent article, Built In have identified 7 threats to business from cloud computing and data storage:

  • Malware
  • Limited visibility into the operation of the cloud networks
  • Legal compliance issues
  • Loss of data – Insufficient data backup and recovery
  • Data breaches
  • Devices not patched or software updated


According to America’s cyber defence agency, malicious actors routinely exploit poor security in business networks and are therefore able to gain access and exploit the sensitive information they obtain. One of the most common ways an attacker can gain access, and therefore one of the biggest security risks to companies turning over £10 million, is through unpatched or ‘out-of-date’ software.


About S2S Group


S2S Group is an industry-leading data destruction and electronic recycling business. If your business requires a range of data security solutions including the management of data bearing assets and portable devices, please get in touch with our customer support experts. S2S Group is able to advise your company on a full range of data security topics and would be more than happy to discuss your unique requirements.
