The importance of managing cyber risks related to workers, especially remote ones, has increased in the digital age. The COVID-19 pandemic has presented new challenges for businesses, as the shift to remote work has accelerated digital transformation and heightened concerns about cybersecurity. Neglecting these risks can result in serious consequences, such as damage to reputation, operations, legality, and compliance.
According to the Computer Security Resource Center, cybersecurity risk refers to the loss of confidentiality, integrity, or availability of information, data, or information systems, and it reflects the potential adverse impacts on organizational operations and assets, individuals, other organizations, and the nation.
A report by Alliance Virtual Offices, which provides services to remote workers, found that cyberattacks rose 238% during the COVID-19 pandemic as more people worked remotely. Additionally, organizations face daily cyberattacks, with a record number of weekly attacks reported by Check Point Research during Q4 of 2021, surpassing 900 attacks per organization. In June 2022, IT Governance reported a breach of 34.9 million records, and a study by RiskIQ estimates that cybercrime costs organizations $1.79 million per minute.
The cost of a cyber-attack has risen significantly in the past year, with the US experiencing a particularly significant impact. The average cost has increased from $10,000 in 2021 to $18,000 in 2022, and 40% of US attack victims incurred costs of $25,000 or higher. The most common entry point for criminals was found to be a cloud-based corporate server, but the cost varies by country. The UK, for example, incurred an average cost of $6.7 million, while Germany, Ireland, and the Netherlands incurred an average of $5 million.
The surge in cyberattacks can be attributed to several factors, including limited visibility into remote employee home networks, growth in the software supply chain and migration to the cloud, as noted by 80% of security and business leaders. CE Pro reports that over half of remote workers access work data using personal devices, and 71% of security leaders have limited visibility into remote employee home networks, leading to a significant number of cyberattacks (67%) targeting remote employees.
Remote workers often use their own personal devices to access work data, which can create a less secure connection to the company network compared to employees working in an office environment. This lack of security can lead to unintentional exposure of sensitive information or make the data vulnerable to cyber threats.
The rapid growth of online collaboration and the use of third-party apps for productivity and tracking has increased the need for technology that replicates face-to-face interactions. This increased reliance on third-party technology often leads to employees using multiple apps, some of which may not be known to their IT teams.
The security of an organization’s internal network depends on the cybersecurity measures of its third- party vendors. However, many third-party apps lack sufficient cybersecurity tools, putting their users’ data at risk of breaches. Furthermore, people often overlook the importance of resetting security settings after software updates, further exposing the data to potential breaches. The average cost of these breaches to a business is estimated at $4.33 million.
Ornetsecurity reported that 33% of companies are not providing cybersecurity training to remote workers, which is concerning since 74% of remote employees have access to sensitive information. Despite this, 44% of respondents said that their organizations plan to expand the number of employees working remotely.
The 2021 Training Industry Report by Training Magazine showed that the average US Company spent $1,071 per employee on training, a decrease of $40 from 2020.
The chart shows that large companies have the lowest average spending on training, at $722, while companies with 100-999 employees spend twice as much. In light of the increasing frequency and cost of cyber-attacks, organizations are expected to increase their investment in cybersecurity training and prevention measures. A 53% increase in annual hours spent on cybersecurity training has been reported by employees since 2019, and the market is expected to reach a value of $10 billion annually by 2027. This trend is supported by data, with 80% of 25 different industries reporting a significant increase in the number of hours spent on security training content in 2021 compared to the previous year.
To reduce the risk of cyber-attacks, organizations can implement Multi-Factor Authentication (MFA), deploy anti-malware software, and have a clear understanding of their data, including its sensitivity and importance. Implementing MFA can prevent a majority of credential-based attacks, anti-malware software can provide protection and alerts, and understanding data is often mandated by regulations such as GDPR.
Ryan Moh is a Data Analyst for RiskKarma.io, a strategic risk intelligence solution that serves as telematics for an organization’s workforce to predict, prevent and protect against claims, crime, cyber risk, and adverse worker actions. The platform includes a DEI dashboard to help organizations measure, track and improve their diversity equity, and inclusion initiatives to include equal pay. RiskKarma.io was
selected by the Walton Foundation as one of ten international artificial intelligence platforms to accelerate growth and by the Society of Human Resource Management as a company “creating a better world where employers and employees can thrive together.”
