Underprepared employees increase cyber risk, and are one reason some companies are less resilient in face of COVID‑19 disruptions


A survey of 2,000 remote workers in the UK reveals that two-thirds have not received cybersecurity training over the past year, and 61 percent said they were using personal devices to work remotely instead of corporate-issued devices. Despite these shortcomings, 77 percent reported that they are not worried about security while working from home.



These numbers provide a quantitative snapshot of the increase in risks to corporate IT networks since the COVID‑19 driven explosion in remote work began. What has exploded in many cases is the complexity of the corporate IT network. Network Complexity can be best described as the size of the threat surface and range of software and end-point devices on it.

Much has been written about the increased risk of security breaches due to the new working environment—cloud and VPN access instead of in-house IT networks; new work environments, stresses and distractions for employees; different and unfamiliar hardware and software systems—which inherently increase cyber vulnerability for companies. The fact that despite these issues, 77 percent of employees report not being worried about security is a problem since vigilance about security is a necessary part of good cyber hygiene, especially when new systems and work processes are being deployed.

A key tenet of cyber governance is around people and process, including regular and ongoing training of staff on security practices and procedures as well as making sure they are fully trained on the corporate IT systems. COVID‑19 highlights that cybersecurity training and contingency planning is something that must be executed regularly and refreshed frequently, as the sudden implementation of remote work meant that there was no time to refresh training before employees left their offices. Companies that manage their technology well tend to be strong on ‘people and process’ and were better prepared for the sudden shift. It is also why companies with good cyber governance are proving more resilient in the face of the overall shocks than those with poor cyber governance.

This survey data appears to show that many companies are deficient on the human element at a time when networks are under unprecedented strain—not a good combination.

We use cookies to make our website more user-friendly and effective

The Cyberhedge Indices Cookie Policy

What are the Cyberhedge Cyber Governance Indices?

These first ever benchmarks prove good cyber governance matters to shareholder value. They measure stock market performance of companies with good and with bad cyber governance scores. Scores are based on Cyberhedge’s proprietary cyber governance rating methodology. Market performance is tracked by an independent firm. The results show that companies with good cyber governance outperform their peers in US, UK, and EU markets.

Information that we collect

Here you can see and customize the information that we collect about you. To learn more, please read our privacy policy

Continue on website