Over a third of organisations 'unprepared' for cyber-incidents with hybrid work

  • New research from the cyber-security and information resilience team at BSI shows that nearly half of all organisations are not prepared for cyber attacks

    The British Standards Institution has warned that companies across the UK are unprepared for potential cyber incidents, an issue that has been made significantly worse recently due to Covid-19. One in six of the companies examined had suffered a data breach or cyber-attack related to Covid-19 in the past six months.

    The group has released the results of research it conducted as part of new readiness to re-open and hybrid office dynamic campaign. It comes after recent surveys showed that many businesses across the UK plan to move permanently to a new hybrid office model, with part of worker time spent in the office and part working remote.

    Hybrid office models introduce new potential vectors for cyber incidents as the processes that enable people to work from home could be hijacked. The report highlights "shadow IT" risks in which an employee uses an unsanctioned cloud service, piece of software, or device to do their work and it results in a data breach.

    Many companies rushed to implement remote work processes and may have bypassed proper security processes, and those issues need to be dealt with now as remote and hybrid work models become permanent. Around a third of the companies surveyed by BSI were not adequately prepared to deal with these cyber threats, and 26% didn't know how they would deal with a disaster event.

    Stephen O’Boyle, Global Practice Director for Cyber, Risk and Advisory at BSI, commented on the risk: "There is potential for data leakage through cloud services as well as the use of BYOD (bring your own device). The assurance over the security of the BYOD can be lost, and potential questions arise over ownership and access to data.

    "Today, it’s not a question of whether a breach will take place, it’s a question of how the business can manage it when it happens. Incident response is a critical component of defence should an attack take place, so making sure you are prepared is essential for the continuity and sustainability of the business." 

    Source: Written based on press release

    About the author

    Brendan is a Sync NI writer with a special interest in the gaming sector, programming, emerging technology, and physics. To connect with Brendan, feel free to send him an email or follow him on Twitter.

    Got a news-related tip you’d like to see covered on Sync NI? Email the editorial team for our consideration.

Share this story