Covid-19 and the risk to Cyber Security
A recent report highlights the risk to Cyber Security since the beginning of the Covid pandemic .
" UK SMEs are at risk of 65,000 cybersecurity attacks daily, with around 4,500 of these being successful, and the figure could be much higher since the beginning of the Covid pandemic. "
Online Retail at Risk from Cyberattacks
Half of consumers (44%) have stated that they would stop using a company online if they were to be breached during a cyber-attack – concerning news for many retail and service operators who have pivoted their business to be more online-centric in response to widespread lockdown measures.
In May 2020 alone, ecommerce transactions grew by 168% and currently represent 27.5% of total retail sales this year – this is expected to grow to represent a third (32.1%) of all retail sales by 2024.
Ill-prepared for Remote Working
Lockdown measures like we have never seen before changed businesses working practices overnight. Where just 11% of UK businesses stated their entire workforce (at the same time) were able to work remotely pre-lockdown, this sky-rocketed to 70% once lockdown hit – with the majority of white-collar firms being able to push the button on remote working in less than a week.
Of the 70% who were able to do this under 7 days, over half (53%) of these firms in the UK were able to transition their staff to remote working in less than 48 hours. Despite having little notice, 71% of staff described the relocation to homeworking as seamless.
However, little consideration by the government was given to the vulnerability of IT & Cloud security when businesses were told they must enforce remote working. In fact, half of companies (48%) admitted that they do not have adequate cybersecurity provision to maintain a 100% remote working model.
Whilst industries have vowed to step up their security game – it is predicted that the current £68bn spend on cybersecurity will need to be doubled, at the very least, to be up to scratch with new ways of working. However in a period of rapid, non-legislated change, the question remains about where accountability lies regarding data breaches.
Nathan Tittensor, Director at i3Secure, a UK-based Cyber Security and Data Protection consultancy comments:
“After e-commerce, the next industry which we suspect will be looking at their security posture is the legal sector, in particular law firms. Whilst the legal sector deals with high volumes of confidential information, they have never been mandated to have certifications around security.
“Although we are starting to see firms achieve certifications such as ISO 27001 to demonstrate they have robust practices and enhance customer trust, it is remote working that has really shone a spotlight on the sector and they should act fast before it is faced with the consequences of personal information being mishandled when not on-site in offices.”
