Shadow or stealth IT doesn’t really lurk in the darkest corners of our organizations. On the contrary, shadow IT hides in plain sight. We see it every time one of our colleagues pulls out their personal smartphone or tablet and uses a free mobile app to share confidential business information across an unsecured network. At that moment your business is completely exposed to hackers, cybercriminals and your competitors. You’re almost certainly in breach of data protection legislation. Worst case scenario, you find yourself on the wrong end of a lawsuit when angry customers take you to task because you failed to protect their personal data.
TalkTalk Cyber-Attack
In October 2015 the TV, broadband and telecoms provider TalkTalk was the victim of a major cyber-attack. The incident reportedly cost the company 100,000 lost customers and an estimated £45 million. However, a report by Kantar Worldpanel suggests the reputational costs might be much higher and the effects longer lasting. The report found that TalkTalk customers no longer perceive the brand as trustworthy. Kantar also suggests the true figure of lost customers is closer to 250,000.
Lost and Stolen Data Costs
In truth, the biggest threat to a company’s data security comes from its own staff. Careless employees, easy access to technology and lack of corporate guidance leaves many organizations dangerously and needlessly exposed to data breaches. Identity governance tech firm SailPoint says that 71% of company employees have access to data they shouldn’t. 80% of data is unstructured and resides in multiple locations. In 2015 the average organisational cost of a single lost file or stolen data record was $154 according to research by IBM and the Ponemon Institute. That’s an increase of nine percent on the year before. However, some data is worth considerably more to cybercriminals for identity theft and fraud purposes.
The UK’s Information Security Breaches Survey 2015 says that for companies with more than 500 employees the average cost of a data breach was between £1.46 million and £3.14 million. For smaller firms the average cost of a data breach was around £75,000 to £310,800. Although the survey shows that external threats to data security have significantly increased, a company’s own staff are the main point of weakness. Respondents said that accidental human error (48%), lack of staff awareness (33%) and weak security vetting procedures (17%), all contributed to the data breaches suffered by their organisations.
The European Union General Data Protection Regulations (EU GDPR) comes into force on May 25th 2018. Regardless of whether your business is within the EU or not, if you want to trade with EU states then you’ll need to comply with the new regulations. Penalties for those failing to meet the new requirements are extremely severe. A data breach could mean a corporate fine of four percent of annual global turnover or €20 million, whichever sum is greater.
Research by Cloud security firm Netskope found that 75% of 22,000 enterprise Cloud apps currently in use fail to comply with EU GDPR. What’s more, 11% of those apps are infected with malware. The Netskope website explains: “More than a quarter of malware was detected in files that had been shared with others, demonstrating the ease of propagation and risk of malware in the Cloud.”
The consumerization of IT is an opportunity and a threat to many businesses. Lots of IT departments struggle to keep pace with the latest technological trends and innovations. Corporate governance has often been woefully inadequate in its understanding and response to the widespread adoption of shadow IT solutions by the workforce. The security risks aside, shadow IT clearly offers tools and technologies that make people more productive, collaborative and efficient. It also shows businesses what types of applications they should be buying rather than imposing IT solutions without proper consultation.
A Simple Plan
To maximize the potential gains from shadow IT and mitigate the risks businesses need to be smarter and more adaptable. As more staff and businesses adopt Cloud solutions it only makes sense to keep your anti-malware and anti-virus software updated. Rather than resisting the tide, businesses and IT departments should look at how they can safely embrace BOYD/BYOA (that’s Bring You Own Device/Bring Your Own App) policies and procedures. Companies must make more of an effort to communicate the benefits and dangers of using consumer-grade apps for work purposes. Similarly, employees need to take a greater burden of responsibility for the technologies they bring into the workplace.
As the PCI Security Standards Council’s guide Responding to a Data Breach says: “Preparing for the worst is the best defence.” Research by the Ponemon Institute and IBM suggests that having an incident response plan and trained team in place can significantly reduce the costs and collateral damage when a data breach occurs. Surely a little more pragmatism and imagination can bring shadow IT into the open, where everyone can decide for themselves if it’s a friend or foe.
Shadow or stealth IT doesn’t really lurk in the darkest corners of our organizations. On the contrary, shadow IT hides in plain sight. We see it every time one of our colleagues pulls out their personal smartphone or tablet and uses a free mobile app to share confidential business information across an unsecured network. At that moment your business is completely exposed to hackers, cybercriminals and your competitors. You’re almost certainly in breach of data protection legislation. Worst case scenario, you find yourself on the wrong end of a lawsuit when angry customers take you to task because you failed to protect their personal data.
TalkTalk Cyber-Attack
In October 2015 the TV, broadband and telecoms provider TalkTalk was the victim of a major cyber-attack. The incident reportedly cost the company 100,000 lost customers and an estimated £45 million. However, a report by Kantar Worldpanel suggests the reputational costs might be much higher and the effects longer lasting. The report found that TalkTalk customers no longer perceive the brand as trustworthy. Kantar also suggests the true figure of lost customers is closer to 250,000.
Lost and Stolen Data Costs
In truth, the biggest threat to a company’s data security comes from its own staff. Careless employees, easy access to technology and lack of corporate guidance leaves many organizations dangerously and needlessly exposed to data breaches. Identity governance tech firm SailPoint says that 71% of company employees have access to data they shouldn’t. 80% of data is unstructured and resides in multiple locations. In 2015 the average organisational cost of a single lost file or stolen data record was $154 according to research by IBM and the Ponemon Institute. That’s an increase of nine percent on the year before. However, some data is worth considerably more to cybercriminals for identity theft and fraud purposes.
The UK’s Information Security Breaches Survey 2015 says that for companies with more than 500 employees the average cost of a data breach was between £1.46 million and £3.14 million. For smaller firms the average cost of a data breach was around £75,000 to £310,800. Although the survey shows that external threats to data security have significantly increased, a company’s own staff are the main point of weakness. Respondents said that accidental human error (48%), lack of staff awareness (33%) and weak security vetting procedures (17%), all contributed to the data breaches suffered by their organisations.
The European Union General Data Protection Regulations (EU GDPR) comes into force on May 25th 2018. Regardless of whether your business is within the EU or not, if you want to trade with EU states then you’ll need to comply with the new regulations. Penalties for those failing to meet the new requirements are extremely severe. A data breach could mean a corporate fine of four percent of annual global turnover or €20 million, whichever sum is greater.
Research by Cloud security firm Netskope found that 75% of 22,000 enterprise Cloud apps currently in use fail to comply with EU GDPR. What’s more, 11% of those apps are infected with malware. The Netskope website explains: “More than a quarter of malware was detected in files that had been shared with others, demonstrating the ease of propagation and risk of malware in the Cloud.”
The consumerization of IT is an opportunity and a threat to many businesses. Lots of IT departments struggle to keep pace with the latest technological trends and innovations. Corporate governance has often been woefully inadequate in its understanding and response to the widespread adoption of shadow IT solutions by the workforce. The security risks aside, shadow IT clearly offers tools and technologies that make people more productive, collaborative and efficient. It also shows businesses what types of applications they should be buying rather than imposing IT solutions without proper consultation.
A Simple Plan
To maximize the potential gains from shadow IT and mitigate the risks businesses need to be smarter and more adaptable. As more staff and businesses adopt Cloud solutions it only makes sense to keep your anti-malware and anti-virus software updated. Rather than resisting the tide, businesses and IT departments should look at how they can safely embrace BOYD/BYOA (that’s Bring You Own Device/Bring Your Own App) policies and procedures. Companies must make more of an effort to communicate the benefits and dangers of using consumer-grade apps for work purposes. Similarly, employees need to take a greater burden of responsibility for the technologies they bring into the workplace.
As the PCI Security Standards Council’s guide Responding to a Data Breach says: “Preparing for the worst is the best defence.” Research by the Ponemon Institute and IBM suggests that having an incident response plan and trained team in place can significantly reduce the costs and collateral damage when a data breach occurs. Surely a little more pragmatism and imagination can bring shadow IT into the open, where everyone can decide for themselves if it’s a friend or foe.
Charlie began his career working for Added Value, Europe's leading marketing consultancy, as a copywriter and account manager for blue chip clients such as British Airways, Shell UK Ltd and Guinness. Later he worked as a freelance marketing consultant. Over the last decade Charlie has worked for a wide range of technology companies, marketing hardware, software and IT services across EMEA. Charlie is a Member of the Chartered Institute of Marketing, CIM Chartered Marketer and certified gamification designer. In 2013 Charlie joined Ariel Communications, a trading platform provider, as Marketing Manager. Today he is a Marketing Consultant and Freelance Copywriter. Visit www.marketing-copywriter-uk.com Charlie began his career working for Added Value, Europe's leading marketing consultancy, as a copywriter and account manager for blue chip clients such as British Airways, Shell UK Ltd and Guinness. Later he worked as a freelance marketing consultant. Over the last decade Charlie has worked for a wide range of technology companies, marketing hardware, software and IT services across EMEA. Charlie is a Member of the Chartered Institute of Marketing, CIM Chartered Marketer and certified gamification designer. In 2013 Charlie joined Ariel Communications, a trading platform provider, as Marketing Manager. Today he is a Marketing Consultant and Freelance Copywriter.
iForex posts its first annual results as a listed broker. Also ahead: CFI Financial secures a Brazil license, and prediction markets have a big week, with new ETF launches and fresh Polymarket loss data. It's Thursday, the thirtieth of April 2026. You're listening to the Finance Magnates Daily Brief.
iForex posts its first annual results as a listed broker. Also ahead: CFI Financial secures a Brazil license, and prediction markets have a big week, with new ETF launches and fresh Polymarket loss data. It's Thursday, the thirtieth of April 2026. You're listening to the Finance Magnates Daily Brief.
iForex posts its first annual results as a listed broker. Also ahead: CFI Financial secures a Brazil license, and prediction markets have a big week, with new ETF launches and fresh Polymarket loss data. It's Thursday, the thirtieth of April 2026. You're listening to the Finance Magnates Daily Brief.
iForex posts its first annual results as a listed broker. Also ahead: CFI Financial secures a Brazil license, and prediction markets have a big week, with new ETF launches and fresh Polymarket loss data. It's Thursday, the thirtieth of April 2026. You're listening to the Finance Magnates Daily Brief.
iForex posts its first annual results as a listed broker. Also ahead: CFI Financial secures a Brazil license, and prediction markets have a big week, with new ETF launches and fresh Polymarket loss data. It's Thursday, the thirtieth of April 2026. You're listening to the Finance Magnates Daily Brief.
iForex posts its first annual results as a listed broker. Also ahead: CFI Financial secures a Brazil license, and prediction markets have a big week, with new ETF launches and fresh Polymarket loss data. It's Thursday, the thirtieth of April 2026. You're listening to the Finance Magnates Daily Brief.
FM Daily Brief - 29 April 2026
FM Daily Brief - 29 April 2026
FM Daily Brief - 29 April 2026
FM Daily Brief - 29 April 2026
FM Daily Brief - 29 April 2026
FM Daily Brief - 29 April 2026
XTB and Robinhood both post first-quarter earnings. But the numbers point in very different directions. Also ahead: Capital.com pushes into three new markets and signals a move into payments.
It's Wednesday, the 29th of April 2026. You're listening to the Finance Magnates Daily Brief.
XTB and Robinhood both post first-quarter earnings. But the numbers point in very different directions. Also ahead: Capital.com pushes into three new markets and signals a move into payments.
It's Wednesday, the 29th of April 2026. You're listening to the Finance Magnates Daily Brief.
XTB and Robinhood both post first-quarter earnings. But the numbers point in very different directions. Also ahead: Capital.com pushes into three new markets and signals a move into payments.
It's Wednesday, the 29th of April 2026. You're listening to the Finance Magnates Daily Brief.
XTB and Robinhood both post first-quarter earnings. But the numbers point in very different directions. Also ahead: Capital.com pushes into three new markets and signals a move into payments.
It's Wednesday, the 29th of April 2026. You're listening to the Finance Magnates Daily Brief.
XTB and Robinhood both post first-quarter earnings. But the numbers point in very different directions. Also ahead: Capital.com pushes into three new markets and signals a move into payments.
It's Wednesday, the 29th of April 2026. You're listening to the Finance Magnates Daily Brief.
XTB and Robinhood both post first-quarter earnings. But the numbers point in very different directions. Also ahead: Capital.com pushes into three new markets and signals a move into payments.
It's Wednesday, the 29th of April 2026. You're listening to the Finance Magnates Daily Brief.
FM Daily Brief - 28 April 2026
FM Daily Brief - 28 April 2026
FM Daily Brief - 28 April 2026
FM Daily Brief - 28 April 2026
FM Daily Brief - 28 April 2026
FM Daily Brief - 28 April 2026
Startrader posts three-point-one trillion dollars in first-quarter volume — up three hundred and forty percent from a year ago. Also ahead: Fintokei claims sub-second trader payouts, and eToro opens its premium subscription tier to all investors.
Startrader posts three-point-one trillion dollars in first-quarter volume — up three hundred and forty percent from a year ago. Also ahead: Fintokei claims sub-second trader payouts, and eToro opens its premium subscription tier to all investors.
Startrader posts three-point-one trillion dollars in first-quarter volume — up three hundred and forty percent from a year ago. Also ahead: Fintokei claims sub-second trader payouts, and eToro opens its premium subscription tier to all investors.
Startrader posts three-point-one trillion dollars in first-quarter volume — up three hundred and forty percent from a year ago. Also ahead: Fintokei claims sub-second trader payouts, and eToro opens its premium subscription tier to all investors.
Startrader posts three-point-one trillion dollars in first-quarter volume — up three hundred and forty percent from a year ago. Also ahead: Fintokei claims sub-second trader payouts, and eToro opens its premium subscription tier to all investors.
Startrader posts three-point-one trillion dollars in first-quarter volume — up three hundred and forty percent from a year ago. Also ahead: Fintokei claims sub-second trader payouts, and eToro opens its premium subscription tier to all investors.
FM Daily Brief - 27 April 2026
FM Daily Brief - 27 April 2026
FM Daily Brief - 27 April 2026
FM Daily Brief - 27 April 2026
FM Daily Brief - 27 April 2026
FM Daily Brief - 27 April 2026
Finance Magnates spoke with IG Group's MENA CEO. Also ahead: EC Markets posts a record five-point-one-three trillion dollar first quarter. Plus Hola Prime brings in Deloitte to audit prop firm payouts.
Finance Magnates spoke with IG Group's MENA CEO. Also ahead: EC Markets posts a record five-point-one-three trillion dollar first quarter. Plus Hola Prime brings in Deloitte to audit prop firm payouts.
Finance Magnates spoke with IG Group's MENA CEO. Also ahead: EC Markets posts a record five-point-one-three trillion dollar first quarter. Plus Hola Prime brings in Deloitte to audit prop firm payouts.
Finance Magnates spoke with IG Group's MENA CEO. Also ahead: EC Markets posts a record five-point-one-three trillion dollar first quarter. Plus Hola Prime brings in Deloitte to audit prop firm payouts.
Finance Magnates spoke with IG Group's MENA CEO. Also ahead: EC Markets posts a record five-point-one-three trillion dollar first quarter. Plus Hola Prime brings in Deloitte to audit prop firm payouts.
Finance Magnates spoke with IG Group's MENA CEO. Also ahead: EC Markets posts a record five-point-one-three trillion dollar first quarter. Plus Hola Prime brings in Deloitte to audit prop firm payouts.
