A Tessian survey of 250 IT leaders and 2,000 working professionals in the US and UK conducted in August revealed that 1/3 of employees will not consider working for a company that does not offer remote working, and only 11% replied that they want to work exclusively in an office post-pandemic. 75% of IT leaders agree that permanent remote or ‘hybrid’ work will become the norm post-pandemic, and 85% report that this will increase pressure on their and their team’s abilities to secure IT systems.
Other key findings in the report include:
- Half of companies surveyed experienced a data breach or security incident between March and July 2020, and half of those breaches were phishing attacks
- 78% of IT leaders believe that remote work increases the risk of insider threats. 27% reported higher rates of insider threat driven security breaches in the May-July 2020 period
- More than half of respondents report being more reliant on email, instant messaging and video conferencing facilities to stay connected with colleagues
A more permanent shift to remote or ‘hybrid’ (splitting time between office and remote) work has significant implications for enterprise cyber governance. One of the most common cyber security measures pre-pandemic — barrier security behind firewalls — ceases to be effective in a remote work environment and fundamentally changes enterprise security. The escalation of attacks since COVID‑19 reflect the increased pressures on corporate networks. Ransomware attacks on companies in 2020 have already far exceeded the number in 2019.
In addition, the new security environment means that the focus and materials used in developing the necessary skills and awareness among staff and policies and processes must be changed to account for the new reality, with a new focus on security in a remote work environment. All evidence suggests that many enterprises are doing a poor job on this front at a time when threats have increased. In fact, despite the recognition of the increased threat environment from both external (phishing and ransomware) and internal threats, and the need to enhance systems and training to adapt to the remote work environment, most enterprises are expecting IT security budgets to remain flat or be cut in 2021.
This should lead to continued divergence in performance between companies that manage digital transformation well and those that don’t. It also requires investors to ask the questions reflective of the significant financial risk companies face, starting with, “what kind of resources are being allocated to improve security in this new hybrid environment and how is the firm doing relative to peers?”