ISSUE 1
A combination of accurate and relevant payroll data, like the types above, could potentially provide cybercriminals with a comprehensive toolkit for conducting various forms of fraud, identity theft, and malicious activities, posing significant risks to individuals and organisations alike.

A good example of this is the Equifax breach, which exposed the data of over 147 million people, leading to a fine of $425 million. More specific to the payroll industry was the MoD's contractor, Interserve, which suffered a data breach that led to 113,000 employees' data being stolen. These are only a few of the many incidents that have happened of late, caused by organisations' shortcomings in the way their data is stored and managed. As such, payroll departments are sitting ducks for cybercrime.

Payroll departments largely operate with outsourced systems, lack robust cybersecurity measures, and may underestimate the value of the data that they or their third parties handle. Additionally, human error and insufficient employee training can further exacerbate security threats.

The monetary value of stolen data, such as payroll information, varies based on factors such as its completeness, accuracy, and relevance. Estimates suggest that the value of a single payroll record on the digital black market can range from tens to hundreds of pounds. This figure multiplies rapidly when considering the payroll data of entire organisations, making the cyber industry a multi-billion-pound cash cow, costing the UK an average of £27 billion per year.

What we have seen become increasingly appealing to attackers is third-party service providers and suppliers, which introduce another thick layer of risk. While outsourcing certain payroll functions can offer efficiency and cost savings, it also increases the potential avenues for data breaches. Third-party vendors may not adhere to the same stringent security protocols as the parent company, making them highly susceptible targets for cyberattacks. A perfect example of this is the MOVEit data breach in 2023, which compromised the data of more than 600 organisations worldwide, affecting more than 40 million people so far.