Abstract
Covid-19 has accelerated change exponentially across a wide range of industries, transforming the way that people work and live, with the technology industry at the forefront. A McKinsey global survey of executives last year concluded that responses to the pandemic had speeded up the adoption of digital technologies by several years, pushing companies over the technology tipping point and transforming business forever.1

Harry Benham
It is a bold conclusion but based on solid foundations – millions of employees worldwide are working from home and consumers have rapidly switched to technology to meet their needs as lockdowns have disrupted their lives. The rise in remote working has meant a rise in cyber attacks, with cyber criminals taking the opportunity to target gaps in IT security caused by more people working on more devices that are less secure.
Employees working from home are using more digital technology supplied by their employers while employers are investing more in technology. The increased investment in new technology has meant replacing older systems, which need to be disposed of.
Respondents to the McKinsey survey in 2020 were three times likelier now to say at least 80% of their customer interactions are digital. Companies estimated that the crisis has accelerated the digitisation of their customer and supply-chain interactions and their internal operations by three to four years. The share of digital or digitally enabled products in their portfolios has accelerated by seven years. Nearly all respondents said their companies have set up temporary digital solutions much more quickly than previously thought possible. And most admitted that the temporary solutions are here to stay for the long term.
Our own research with IT directors at major firms shows the technology switch and increasing digitisation is feeding through to their budgets.2 More than three out of five IT directors (62%) believe their employer's IT budget will increase for 2021. Nearly half (48%) cite the need to invest in more cloud technology as a key reason for the increased spending while 45% believe the additional funds will be needed to provide greater IT support to staff working from home.
There are other issues driven by Covid – around 7% of IT directors say increased budgets are needed because they have been hit by more cyber attacks during the Covid-19 crisis and therefore need bigger budgets to invest in IT to provide greater security. Just 12% of IT directors interviewed said they expect their budgets to fall. Those that are expecting a drop in their budget have other issues to cope with, most blaming a fall in revenue or profits for the reduction in budgets. IT does not operate in a vacuum and many companies have struggled.
A key finding from the research with IT directors is that budgetary pressure is being driven by the need to dispose of IT hardware and data properly. Nearly three-quarters (72%) of those questioned said they are increasingly concerned about potential legal issues. More than three out of five (62%) expect their employers to invest more money in data erasure while 60% expect more spending on the disposal of hardware.
The transformation of technology and digitisation means a major focus on changing IT infrastructure ranging from buying more hardware for employees to upgrading to more-secure or cloud-based systems, or in some cases cutting back on technology and disposing of it in line with reductions in the size of their business and workforce. IT directors are increasingly focusing on the need to dispose of existing IT data and hardware safely – whether that be to make way for new technology, or to reuse or sell it.
What's happening?
A survey carried out last year found that around 4.5 million electronic devices have been handed back to employers as people have been made redundant during the Covid-19 crisis.3 Around 26% of people who have been made redundant or furloughed since the Covid-19 crisis started have had to give back electronic devices to their employers. In half of those cases, employees said that these devices had personal information on them, including their bank and credit card details, personal passwords and photos.
Similar experiences will have been recorded around the world as other countries suffer redundancies and the numbers in the UK will also have increased. The same, of course, applies to people who are still in work. The same UK study found that one in five people (19%) who work now have more electronic devices through their employers than they did before the Covid-19 crisis started. Just 3% have fewer and 78% say there has been no change.
Some 6% of people in work now have at least three more electronic devices from work than they did at the start of the year. This trend has dramatically increased the risk posed to employers for breaking regulations around how it is accessed, stored, and ultimately erased. Any irregularities could see them face large fines.
Of those people with electronic devices supplied by their employers, 23% say they have received a work laptop due to Covid-19 and working more remotely. Some 16% of them said this about their work mobile phone, and 6% have received a printer from work.
Overall, 48% of people in work now claim to have a laptop from work, 45% have a mobile phone and 31% have a desktop computer.
The study last year among employees found that 20% of people in work said their employers had disposed of various IT hardware items over the past 12 months, but only 40% believed this equipment did not have confidential data on it.
Employees interviewed said just 42% of the disposed tech hardware went to a professional company that specialises in the disposal of IT and the erasure of data on it. One in four (25%) said the IT hardware was sold, but it was not professionally reviewed before the sale to ensure there was no data on it that needed to be wiped first. One in 10 staff said the equipment was simply thrown away while 8% said the equipment was physically destroyed.
Table 2 shows the UK results in detail. Computers were most likely to be disposed of, followed by printers and mobile phones. Fax machines are indeed still in use in some organisations and yes, they can hold confidential information, as can printers.
Table 2.
Devices discard by companies in the UK.
| Technology hardware | Percentage of employees who said their employer discarded this technology hardware over the past 12 months |
|---|---|
| Desktop PC | 11% |
| Printer | 9% |
| Mobile phones | 7% |
| Fax machines | 5% |
| Fixed line phones | 5% |
The research shows the scale of the disposal challenge while the findings cast great doubt on how well this hardware is disposed of and whether the data held on it has been properly erased. Most tech hardware – including printers and fax machines – will have confidential data on them that needs to be removed, but many employers are not aware of this.
Globally it is estimated that a record 53.6 million metric tonnes of e-waste – discarded products with a battery or plug such as computers and mobile phones – was dumped in 2019, which was up by 9.2 metric tonnes in five years.4 Businesses are not solely responsible and not all of that e-waste comes with data issues.
However, it is forecast that global e-waste will reach 74 metric tonnes by 2030, which is almost double where it was in 2014, fuelled by higher electric and electronic consumption rates, shorter lifecycles and limited repair options. The International Telecommunication Union is aiming to increase the global e-waste recycling rate to 30% by 2023, which leaves a lot of equipment not being recycled.
Disposal in action
Businesses regularly find themselves with redundant IT and telecoms equipment. This could be due to periodic equipment refreshes, downsizing or office relocations and closures. How they address the issue is revealing, as research shows.
Our own study reveals that around one in 12 (8%) have used a hammer to dispose of IT equipment containing electronic data. About one in eight (12%) admit to having submerged a device in water to try and destroy the hardware, while 18% have resorted to drills. The most popular method is reassuringly more conventional – 90% of IT directors have used shredding, while 74% have used data sanitation software.
The study found the reason for IT directors resorting to extreme measures is that 82% said they are concerned about security issues around the disposal of IT hardware. Alarmingly, 10% of IT directors interviewed described their employer's knowledge of data erasure and disposal or IT hardware as ‘average' or ‘poor'. Some 12% who have carried out data erasure on equipment as part of their jobs did not receive a certificate of proof for the work done. Making mistakes with disposal can mean risking fines on data breaches as well as damage to their reputation.
Half of IT directors (50%) admit to destroying IT hardware as opposed to having its data erased, because of a growing fear that this will not be done properly, increasing their risk of being responsible for data breaches and facing fines. Three out of 10 IT directors interviewed admitted to mothballing IT hardware for this reason, and a further 10% said they are doing this because they are not confident of being able to sell it to a reliable third party who can guarantee that the data on it will be erased properly.
Around two-thirds (66%) of IT directors believe the amount of end-of-life hardware technology held by their employers is increasing. Some 52% said this is happening because of growing concerns about the quality of professional data erasure services and 39% said the reason is the growing number of people leaving their firms due to the Covid-19 crisis. Nearly one in 10 (9%) say they are storing more because of increasing regulations around data storage and erasure, and a fear of doing something that breaks these.
The research found that 32% of IT directors are ‘very concerned' about the security issues around the disposal of IT hardware, and 50% are ‘quite concerned.' Businesses are right to be cautious when it comes to their end-of-life hardware as, if it is not wiped correctly, they could face significant fines for data breaches, which could also damage their brand and reputation.
Full audit trail
When they are disposing of equipment, companies need a full audit trail from collection point to final disposal of equipment, which should include full certification, asset inventories and sales and recycling reports. They should consider an onsite IT decommissioning service, together with onsite data destruction and onsite audits as well.
Data contained on electronic storage media needs to be erased using only tools approved by the relevant authorities, such as the National Cyber Security Centre (NCSC) in the UK, and they should receive full certification.
Services to look for from suppliers include all IT equipment and data storage media being removed from client premises in locked containers and transported to a secure facility in unmarked, tracked vehicles. All devices containing data should be quarantined and placed in a separate secure area that is used for data eradication only. All items of equipment should be logged and the client should be provided with an asset inventory.
Table 1.
Devices provided by employers.
| Electronic device | Percentage of people in work who have electronic devices through work who received this since Covid-19 and because of working more remotely | Percentage of people in work who have this device through their employer |
|---|---|---|
| Laptop | 23% | 48% |
| Mobile phone | 16% | 45% |
| Desktop computer | 8% | 31% |
| Printer | 6% | 34% |
| Fixed line phone | 4% | 29% |
Sensitive data needs to be permanently erased from servers, laptops, desktops, hard drives, solid-state drives and smartphones by using specialist data sanitisation software such as Blancco Drive Eraser 6, Certus Erasure and White Canyon Wipe Drive. Each erasure needs to be verified and certified with a digitally signed Certificate of Erasure for auditing and compliance.
Data destruction should be addressed with techniques such as degaussing, which destroys 100% of data with a powerful 18,000 gauss magnetic field, rendering the devices completely inoperable. All devices that have been degaussed and are thereby inoperable and all data obliterated, can then be shredded in an industrial shredder.
Devices can be disintegrated using a granulator when there is a requirement for devices and media to be reduced to a particle size no greater than 6mm. This method is particularly effective in the destruction of SSDs, whose technical complexity renders many data destruction techniques ineffective for this type of media. The disintegrator is used for all flash media types and this solution offers high levels of safety, including the H-5 level compliant with DIN 66399.
Any equipment that has residual value can be re-marketed and sold. Equipment unsuitable for refurbishment and/or resale can be manually dismantled and parts and materials can be segregated for recycling. Wherever possible, materials such as aluminium, copper, steel and plastics can be despatched to licensed recycling facilities, where they are used in place of raw materials in industrial processes.
Technology and digitisation have accelerated – it is time for disposal to catch up.
Biography
About the author
Harry Benham has over 40 years' experience in growing SMEs working across a range of industries, including marketing, software development, e-commerce and technology. DSA Connect (www.dsa-connect.co.uk), which was founded in 2011 to partner the Ministry of Defence in developing its asset disposal service, specialises in the erasure and destruction of electronic data using tools certified by CESG and approved by the UK National Cyber Security Centre (NCSC). All processes are carried out in line with ISO 27001, 9001 and 14001 accreditations.
References
- 1.McKinsey; 5 Oct 2020. ‘How COVID-19 has pushed companies over the technology tipping point – and transformed business forever’.www.mckinsey.com/business-functions/strategy-and-corporate-finance/our-insights/how-covid-19-has-pushed-companies-over-the-technology-tipping-point-and-transformed-business-forever [Google Scholar]
- 2.‘Hardware IT disposal underscores security fears’. Mob76Outlook. 9 Mar 2021. www.mob76outlook.com/hardware/
- 3.‘4.5 million electronic devices handed back to employers due to pandemic’. DSA Connect. www.dsa-connect.co.uk/research-research-reveals-4-5-million-electronic-devices-handed-back-to-employers-as-staff-are-made-redundant-or-furloughed/
- 4.‘Global E-waste Monitor 2020’. ITU. www.itu.int/en/ITU-D/Environment/Pages/Spotlight/Global-Ewaste-Monitor-2020.aspx
