The majority of UK insurers expect to keep a hybrid system of home and office working following the COVID-19 crisis, despite many admitting that it makes them more vulnerable to cyber attacks.
That is according to new research from technology support firm Doherty Associates, which studied the cyber security practices of 750 insurance firms and underwriters, and 500 employees, since the start of the pandemic.
It found that 44% of companies have inadequate cyber threat visibility and detection systems to protect employees working remotely, with many unaware of the volume of cyber attacks and data breaches impacting their workforce.
The findings also suggest that employees may not be reporting mistakes they have made that lead to cyber attacks.
One-quarter admitted that they had fallen victim to a breach, or caused one themselves, since working from home, yet half of companies believe they have not suffered a cyber attack since March 2020.
Overall, one-third of firms feel they are more vulnerable with employees working outside the office, yet 58% expect the hybrid office to stay. One in five companies also believe that a breach could cost them £10m to £50m or more.
Terry Doherty, CEO of Doherty Associates, said: “The difference between how many firms are detecting breaches compared to the reality of them occurring does suggest that firms need better cyber defence postures.
“With employees working outside of the office, using a blend of personal and company devices, firms no longer have a single ‘front door’ to protect, but a multitude of entry points to secure against cyber criminals.”
The researchers found that eight in 10 employees use a blend of work and personal devices when working from home, with 53% admitting to saving confidential corporate information to these devices.
A third of employees said they’ve had no cyber awareness training since the first lockdown, and over two-thirds admitted to ignoring virus security scan requests or computer update alerts to safeguard their company’s systems and sensitive data.
Moreover, only half of the firms studied have carried out a cyber risk assessment since working remotely, and 25% admitted that they can’t guarantee security on every device used out of the office.
“Your company is only as safe as your weakest link, and by empowering employees with the knowledge to identify threats in real time, they can become your greatest security asset and help prevent cyber attacks,” Doherty added.
Image credit: iStock
Author: Chris Seekings