Technology

HOW TO KEEP DIGITAL TRANSFORMATION ON TRACK AFTER THE PANDEMIC

Published

2 years ago

April 7, 2020

admin

Ashley Coker, CEO and founder, Slate

Introduction

The global coronavirus health emergency has made it abundantly clear how dependent we are on digital services for business continuity and social cohesion. When physical contact must be minimised, digital businesses are in a better position to rapidly adapt and continue their services and respond to customers’ needs.

This is perhaps why Chancellor, Rishi Sunak, was prompted to delay the introduction of IR35 Off-Payroll working rules to the UK private sector until April 2021, as part of his package of measures to support British businesses through the COVID-19 crisis.

While some businesses expressed relief at the delayed introduction of IR35 rules in the private sector, many financial enterprises had already terminated contracts with IT contractors in preparation for the original deadline, with the risk of digital transformation programmes stalling.

What is IR35?

Inland Revenue legislation 35 (IR35) is a tax law designed to prevent individuals from using intermediaries, such as their own limited company, in order to avoid paying their fair share of tax and national insurance contributions (NICs). By setting up a limited company, some people were able to leave their employment in a bank on a Friday and return to the same job on a Monday as an IT contractor, with no change in their role, duties, or place of employment. HMRC wants to put a stop to this.

However, with an estimated 170,000 contractors working through their own personal service companies, HMRC has not had the resource to address cases individually and decided to put the onus on the organisations that hire contractors.

From April 2021, the responsibility for assessing whether a contractor is genuinely self-employed (outside of IR35) will fall on every medium and large private sector organisation with a turnover of over £10.2 million, a balance sheet of £5.1 million, and more than 50 employees. This means that every contract will have to be reassessed to decide whether an individual’s work falls inside or outside IR35. Contractors must be provided with a Status Determination Statement (SDS) for each contract that they undertake, confirming the organisation’s assessment of their status for IR35 purposes.”

How has the financial sector prepared for IR35?

To avoid the time and resource required to scrutinise thousands of contractor contracts, many financial services organisations took a blanket decision which deems that all contractors are working inside IR35. Several prominent organisations have taken this route and terminated all contracts with contractors who bill for their services via limited companies.

Being deemed to be working inside IR35 has the effect of making hiring organisations liable for paying contractors’ income tax and National Insurance contributions at source, as though they were employees, without contractors benefiting from the sick pay and holiday pay benefits of the organisations’ employees. Tax experts have calculated that working inside IR35 will reduce contractors’ incomes by approximately 25 per cent. This makes projects less attractive to IT contractors who might be working on delivering digital change.

How does IR35 affect Digital Transformation?

Prior to the IR35 deadline extension, HSBC, Lloyds bank and Barclays bank were reported to have taken a uniform decision to classify all contractors as working within IR35. It was also reported that Deutsche Bank risked losing 50 out of 53 contractors working in its London-based change management team after taking the decision to cease working with contractors via personal service companies and asking them to join the payroll of a recruitment outsourcing agency used by the bank.

If IT contractors stop working with their financial service industry clients, to avoid falling foul of IR35 after April 2021, this could have a devastating impact on digital transformation projects that depend on the specialist skills of external contractors.

A number of contractors have reported that they plan to seek employment overseas after IR35 comes into force in the private sector, so that they can carry on enjoying the flexibility, job satisfaction and remuneration of working off-payroll. This could result in a brain drain for many sectors, such as banking, which relies heavily on the skills of external IT contractors to deliver digital transformation.

Fast track to digital delivery:

While IR35 could pose serious challenges for digital change programmes in the UK financial services sector after April 2021, some CIOs we have spoken to see the contract renewal phase as an opportunity to clear the decks, refocus and keep their best people on the pitch.

Our experience of providing corporates with highly-skilled software engineers who are born problem-solvers, who work in small, capped teams on a 5 in 50 model, has shown that they are often fundamental to getting stalled digital change programmes back on track. These developers work alongside enterprise IT teams, on a Seed, Scale, Succeed process, bringing fresh coding skills and transforming project thinking into product thinking, with continuous delivery of digital service iterations. They are technology specialists who relish the challenge of working on high profile digital journeys, but who do not wish to work as corporate employees and are therefore hard for financial services organisations to hire.

We now have another twelve months to prepare for IR35. In the meantime, as financial services organisations adapt to the demands of the pandemic, this is the time for small, agile teams of problem-solvers to shine.

Up Next

CAN TECHNOLOGICAL INNOVATIONS HELP IN HANDLING PANDEMICS?

Don't Miss

IN CONSUMER BIOMETRICS WE TRUST: AUTHENTICATION FOR THE DATA PRIVACY AGE

Technology

UK Organisations turn to artificial intelligence to fight sophisticated cyberattacks

Published

3 days ago

May 20, 2022

admin

New research by cybersecurity expert Mimecast finds that email attacks are becoming more frequent and sophisticated

More and more companies in the UK are using artificial intelligence (AI) and machine learning (ML) to fend off increasingly sophisticated cyber-attacks, according to new research from cybersecurity specialist Mimecast. The research finds that 40% of UK organisations are already using AI or ML in their organisations’ cybersecurity programme, with 30% planning to do so within the next 12 months.

The use of advanced technologies such as AI and ML is in direct response to the growing sophistication of cyberattacks that UK businesses are experiencing. 53% believe that increasingly sophisticated attacks will be their biggest email security challenge in 2022, leading to 80% believing it is at least likely their organisation will suffer a negative business impact from an email-borne attack this year.

Growing threat landscape

The research shows that email remains the largest threat vector for UK businesses, with 71% of respondents reporting an increase in the volume of email threats their organisation has faced in the last 12 months. This includes phishing with malicious links or attachments (56%), impersonation fraud or Business Email Compromise (53%), and malicious insiders (43%). However, it isn’t just email attacks that are on the rise, as 90% of UK businesses experienced at least one spoofing attack that uses a lookalike web domain or a clone of their organisation’s website in the last 12 months. The average UK company has experienced 11 of these attacks.

On top of this, employees are also presenting organisations with a very real threat to their cybersecurity. The survey identifies that IT decision makers have relatively low confidence in their colleagues’ cyber awareness , believing that there is a risk of an employee making a serious security risk due to oversharing company information on social media (84%), poor password hygeine (80%), using personal email (80%), or using cloud storage and other shadow IT functionality (81%). When an employee does full victim to an attack, it frequently results in more widespread consequences. 85% of respondents say threats have spread from one infected user to other members of the organisation.

AI to the rescue

To overcome this growing threat landscape, more and more UK organisations are turning to advanced technologies to strengthen their cybersecurity position. The 40% of UK organisations that are already using AI as part of their cybersecurity strategy are already seeing a number of benefits, including increased accuracy in terms of threat detection (54%), reduced human error within cybersecurity team (51%), and reduced workload/working hours for cybersecurity team (45%).

Despite these very real benefits, there is the very real danger that many UK organisations will miss out due to a lack of budget dedicated to cybersecurity. The research highlights a clear discrepancy between the amount IT decision makers believe should be spent on cyber resilience and how much budget is actually allocated by business leaders. IT decision makers in the UK believe that 16% of their IT budget should be allocated to cyber, but at the moment they see less than 12% allocated. Missing out on new technology innovations such as AI is identified as the most likely consequence (49%) for organisations where the cybersecurity budget is not as high as respondents believe it should be.

Elaine Lee, AI expert at Mimecast, said: “There is no doubt that cyberattacks are becoming more frequent, as UK businesses adjust to the world of hybrid work. On top of this increase in frequency, we are also seeing a rise in the sophistication of attacks. This is creating a perfect storm and making it more difficult than ever for organisations to keep their businesses secure. With this in mind, it is no surprise to see so many organisations turn to advanced technologies such as AI to bolster their cybersecurity defences. AI solutions can help businesses to automate security processes, ensuring they are better able to fend off attacks, as well as providing their security experts with more time to focus on high-level analyses that require human interaction.”

Lee continued: “Organisations that have yet to invest in AI technologies as part of their cybersecurity strategy should do so. Cyberattacks are going to continue to be a major threat to UK businesses and these businesses need to respond accordingly with sufficient budget. A successful cyberattack has the potential to cause serious ramifications for a business, including both financial and reputational damage. Now is the time to take this threat seriously and get prepared.”

Technology

Addressing the talent gap within cybersecurity

Published

3 days ago

May 20, 2022

admin

By Merlin Piscitelli, Chief Revenue Officer, EMEA at Datasite

Rising geopolitical tensions and increasingly sophisticated cyberwarfare tactics have meant that cybersecurity threats are now more prevalent than ever. In current times, the number of cybersecurity attacks are increasing in volume and intensity on a global scale and if a company is not properly equipped to deal with this reality, it could directly impact their survival.

Recently, some sections of businesses were compromised, taken offline, and employee accounts within key microchip and electronic powerhouses were exposed due to cyber-attacks. Most alarmingly, some of these attacks were perpetrated by the same hacking extortion group.

As digitalisation continues to increase throughout the world, and events like Russia’s invasion of Ukraine take place, it is now more important than ever to focus on combatting cyber-crime. The industry understands this, as record levels of investments have been pouring into the sector to advance our capabilities within the field.

The cybersecurity surge

Within the last 12 months, the cybersecurity sector has seen major growth with now almost 2,000 firms active within the UK providing cyber security products and services. In 2021 the UK cybersecurity industry contributed £5.3 billion to the economy, an increase of about a third from 2020, and cybersecurity firms have raised more than £1 billion external investments in 84 deals. It’s therefore fair to say that the acceleration towards digitalisation caused by the pandemic has meant businesses have had to increase their cybersecurity efforts, leading to increasing demands within the sector.

Merlin Piscitelli

As the industry finds new solutions to combat cyber-attacks, cybercriminals are continuing to explore new tactics to ensnare victims. This has resulted in higher demands for those skilled within the industry. Now, with over 2.5 million cybersecurity jobs available and the war for talent rapidly gaining momentum, it’s clear that pressure is increasing.

Cybersecurity and data protection is a strategic investment and a highly specialised endeavor. It can be more cost-effective (especially for small and medium size firms) to outsource this responsibility and partner with a vendor to design and implement solutions. Business leaders will need to ensure they are working with a reputable partner that can offer the best level of protection and technical expertise to fit organisational needs.

The talent gap

While demands are currently high, the supply isn’t there to match. In the UK, the cybersecurity talent pool has fallen short by around 10,000 people a year, and in the previous 12 months, the UK’s cyber skills shortage rose by more than a third. As a result, cybersecurity is now the most sought-after tech skill in the UK.

With more than half, 54%, of UK CEOs believing cybersecurity presents the best opportunity for TMT dealmaking over the next year, demand will rapidly outstrip supply of expertise unless there is a rapid change within the industry.

Championing the workforce

Businesses have had various strategies when looking into combatting this issue. When asked what the main drivers of recent and future cross-border technology acquisitions are, one-third of UK M&A professionals surveyed cited access to skilled/specialised talent.

Investing in your workforce is the tried and tested way of mitigating against cyber-attacks and managing risk. Having access to the necessary resources to protect your digital ecosystem and build momentum by upskilling individuals already working in the tech space, along with attracting new talent, will be crucial to tackling the current professional shortfall.

Furthermore, bringing diversity and inclusivity into the process will help truly overcome the war for talent, as businesses will need to acknowledge the correlation between the skills shortage and the lack of inclusivity needed to diversify the sector.

Ultimately, addressing the current skills gap within cybersecurity will require combined efforts from businesses, academia and governments. Championing students to take an active interest cybersecurity and go through the necessary training to develop the skills needed in the industry will go long way in evening out the playing field.

It is only by investing in developing cybersecurity talent that will we have enough people with the expertise required to protect organisations digital ecosystems as the threat landscape becomes more diverse.