A survey by Barracuda of over 1,000 business decision makers in the UK, US, France and Germany reveals significant cyber security deterioration from the recent sudden shift to remote working. 51 percent have seen an increase in email fishing attacks, 51 percent say their workforce is not proficient or properly trained in the cyber risks associated with remote working, 46 percent are not confident that their web applications are secure, 50 percent allow employees to use personal email addresses and personal devices to conduct company work, 49 percent fully expect to see a data breach or cybersecurity incident in the next month due to remote working. Despite this clear increase in the threat surface, 40 percent of the companies have cut their cybersecurity budgets as part of COVID‑19 cost saving measures.
This survey is in line with other recent data which detail the significant challenges companies are facing in the current environment. The fact that half of companies admit that their workforce was not properly trained in cyber risks associated with remote working is an indication of weaknesses in the ‘people and process’ side of cyber governance.
Perhaps most worryingly is the statistic showing that 40 percent of companies have cut their cybersecurity budgets as part of cost saving strategies, despite the clear understanding that risks have increased. While the pressure to make emergency budget cuts is understandable and greater than it has ever been for many companies, the cyber threat is greater than it has ever been as well. In the face of these threats, companies should ensure cybersecurity investment is proportionate to the risks they face.
Dealing with a significant cyber breach on top of COVID‑19 business interruptions would present additional financial and operational challenges at a time when many companies are least prepared to handle them. For example, Cyberhedge analysis indicates there is an average 20 percent drop in operating margins for companies experiencing a cyber-related operational disruption like ransomware—on top of tightening financial constraints for many companies heading into a recession.
In addition, companies must prepare for the post-COVID‑19 world. The digital transformation that has been occurring over the last decade has accelerated dramatically due to the pandemic. This was articulately expressed by Microsoft’s CEO who said last week that “We’ve seen two years’ worth of digital transformation in two months.”
In this environment, protecting companies most important assets—their digital technology—is a more important priority than it has ever been. Companies can ill afford to jeopardize their futures by underinvesting in security—including processes and employee training—at a time when threats have increased and the importance of digital has never been greater.