Cyber risk is the next pandemic

Levels of cybercrime increased exponentially during lockdown, as hackers took advantage of the weakened digital defences of home-workers. New research, published in our Future Workspaces report, suggests that Q1 of 2020 saw a +6,500% rise in Covid-19 related cyber incidents.

While this doesn’t compare to the severity of human loss during the pandemic, it nevertheless shares some characteristics; the scale that crosses geographical boundaries; the potential social and financial impacts from business disruption; and the fundamental requirement for behavioural change to reduce this risk.

The move towards regular remote-working presents some key challenges for employers to address.

As firms develop plans for infrastructure and IT investment, this should include appropriate provision of equipment for flexible working. The widespread use of personal phones, laptops and home broadband create weak points into the company’s systems. Flexible work patterns may also encourage the use of co- working spaces external to the company. While there are lots of positives from using these spaces, shared internet access and the opportunity for eavesdropping increase vulnerability to cybercrime. In some cases, remote working may even be from overseas, bouncing data around internationally.

Crucially, the risk – and the solution – lies as much in cultural behaviours, as it does in ‘kit’. Organisations often prioritise the technical aspects of IT infrastructure, delegated to IT teams, with little attention given to company-wide behaviours. Training and internal communications campaigns can help to reinforce tips for safe practice, at home, in a co-working space and in the office.

The challenges and solutions we’ve described rest with each organisation. But, just as with a health pandemic, there is a crucial role to be played by national agencies too. At a state-level, we need to see a shift in the way that cybercrime is policed, if it is to be more effective and efficient. While national and international security agencies are rightly focused on the threat from cyber terrorism, the more grassroots hacks and disruptions experienced by businesses every day, are potential crimes that would fall under local police authorities. Some police forces have specialist cybercrime units, others do not. If we fail to adequately monitor, measure and report crime, it is difficult to allocate appropriate resources to its detection and prevention.

For now, as businesses plan their future workspaces for 2021 and beyond, our message is clear; think culture as well as kit. We must protect ourselves and each other, and we’re here to help.

We would also like to give you access to the full 95-page Future Workspaces report, of which cyber security is one of many topics discussed and debated. Download your free copy here.