header image

Hybrid Adaptability: Who Is Late to Respond?

Jamie Smith, Joseph Tarraf 7 December 2021
7 December 2021    Jamie Smith, Joseph Tarraf

Investing in Cyber Resilience: Spend, Strategy, and the Search for Value

Today's fast-changing threat landscape puts increased pressure on companies to make the right investment choices and improve their cyber resilience. For this report, S-RM surveyed 600 senior leaders and IT decision makers to discover which cyber investment areas provide the best value for money and what savings result from investing in cyber security.

Download Report

In our report, Investing in Cyber Resilience: Spend, Strategy and the Search for Value, we asked 600 IT and senior decision makers about their experiences of shifting and responding to hybrid working.


The hybrid working environment poses many challenges for remote workers, not least to remain vigilant for phishing emails throughout longer working days – as the lines between professional and personal have blurred – making them obvious targets of compromise.


The rise of cyber risks due to hybrid working

Cybercriminals have certainly capitalised on these issues, resulting in heightened cyber security risks across the board. Throughout the pandemic, they have ramped up phishing and other social engineering campaigns designed to take advantage of new and unfamiliar communication channels. Between January 2020 and January 2021, Google reported a 27% increase in phishing sites. Threat actors have also been quick to exploit vulnerabilities in remote-working platforms and protocols. According to ESET, Remote Desktop Protocol (RDP) attacks increased by 768% in 2020 alone – amounting to a total of 29 billion attempted attacks.

As cybercriminals have proved themselves highly adaptive, the risks of not adapting an enterprise-wide cyber incident response plan to new ways of working are numerous. Beyond contending with a heightened risk landscape, cyber incident response teams have been restricted to convening and acting virtually, introducing the need for out-of-band communication channels, specialist technology, and expertise to enable incident response to be carried out remotely.

 

"95% pivoted their cyber incident response plans to reflect hybrid working"

 

The fact that 95% of respondents to our survey (carried out for the report Investing in Cyber Resilience: Spend, Strategy and the Search for Value) pivoted their cyber incident response plans, either in part or completely to reflect hybrid working models, shows a broad appreciation of the changed threat landscape. Those that did not adapt can perhaps look to their board engagement to see why. Those organisations citing their boards as largely reactive have lagged behind their peers – with 74% stating that they have not made any changes to their response plans to date.

Cyber Security Board Engagement

Engagement at the very top

A thread running through many of the key findings of the report, Investing in Cyber Resilience: Spend, Strategy and the Search for Value, is the importance of a proactive board. Companies that feel they are only investing in 'some of the right areas' or 'none at all', when it comes to cyber security, also report lower levels of board engagement with the subject. This pattern continues across all areas with reactive boards correlating with lower levels of organisational cyber strategy implementation and roll out, and poorer investment outcomes across all areas of cyber investment. Spending time on cyber with time-pressed board members is tough. But the argument to take steps to increase board engagement is compelling. There are organisation-wide benefits and savings to be made.

 

DOWNLOAD THE FULL REPORT 

Investing In Cyber Resilience Report Download Button

To discuss this article or other industry developments, please reach out to one of our experts.

Jamie Smith
Jamie smith Head of Cyber Security Email Jamie
Joseph Tarraf
Joseph tarraf Managing Director, Cyber Security Email Joseph

CYBER SECURITY INSIGHTS REPORT 2022

We reveal the challenges faced by C-suite professionals and senior IT leaders across three key areas of cyber security – budgets, incidents and insurance.

Download Report