Skip to main content

Cyber risks during COVID-19

Within the UK retail and leisure and hospitality sector

Risk & Analytics|Risk Management Consulting
COVID 19 Coronavirus

By Jim Fox | May 5, 2020

Following our recent webinar on 21 April, this insight talks through the impact of COVID-19 on cyber risks.

Facing up to being forced online

The COVID-19 pandemic has forced many of us to move to remote working at a pace, speed and scale that was previously unimaginable. This has changed the way many organisations do business overnight. Processes that were previously manual, such as human resources activities, have all faced the switch to online.

The unplanned nature of the move has meant a sudden demand for a range of IT equipment, from laptops, and phones to digital platforms and software.

Your organisation may have been exploring whether to move to an online way of working before the pandemic hit. You may have even started this process and set finances aside to take this forward as part of a long-term business strategy. Other businesses may have decided that such a move was too expensive, too complex and simply unviable.

Sudden demands on IT

Since lockdown began, IT departments have been under immense strain to get businesses running smoothly.

The sudden demand has seen some virtual private networks (VPNs) struggle, with employees trying to access the network at the same time from all across the country.

Requests for IT support – and therefore waiting times – have likely increased. Where IT departments don’t have the resilience to deal with the demand, many users may have become frustrated and may have attempted to solve issues themselves.

This could include downloading software onto business and personal equipment or using personal email accounts to move sensitive data. Although employees are just trying to get things working, they may open your business up to a plethora of cyber security risks.

Increased cyber-criminal activity

Earlier in April 2020, the UK National Cyber Security Centre (NSCS) published a combined advisory notice with the US Department of Homeland Security.1 The notice warned that cyber criminals, or organised criminal groups are exploiting COVID-19 and are likely to continue doing so for the coming weeks and months.

Phishing scams are the most common lure. The NCSC reported seeing malware distribution, registration of new domains that appear to be genuine, and attacks against newly deployed remote working infrastructures.

These are very simple for criminals to do, whilst using publicly known vulnerabilities.

There are many scams based on the theme of COVID-19 that attempt to make the user click a link embedded in a message. This then downloads a file or redirects to an illegitimate website, such as fake Office 365 or Google Mail. The aim of the scam is to capture log-in and personal details.


There is also a risk of ‘smishing’, which is where you receive a text message that appears to be legitimate. Usually the message will attempt to make you click on a link and then again ask you for log-in or bank details.

These scams may not affect your business directly, but your employees may become victims. Outside the office environment, they don’t have others around them to ask for advice. They may also click links from business devices and leave your network vulnerable.

Risks that are often overlooked include:

  • Selfies taken by staff working from home that may accidentally display confidential information in the background.
  • Smart technology in employees’ homes, such as Alexa or smart TVs, have the potential to leak sensitive business data.
  • Non-approved translation software can mean that while you retain ownership of a document, you approve the translation software to keep and use the content.

The cost of cybercrimes so far

As of 24 April 2020 Action Fraud, which is the national cybercrime and fraud reporting centre for England and Wales, has received reports from 1072 victims. The value of losses from personal individuals and businesses is £2.3 million, made up of 4,241 individual reports. 2

Preventing your organisation from being disrupted

Map and assess your new cyber risks

You will by now likely have a completely new digital landscape and your system interdependencies will have therefore changed. Due to the Government lockdown many of your employees will now be working from home and your data may now be held in locations you don’t know about and don’t have control over, such as cloud storage.

Update your asset register

You’re also now likely to have new devices and applications in your network and your asset register may be out of date. It is important to review and update it and to keep track of all the digital tools and equipment your staff are using.

Plan for the worst

If your business suffers a ransomware attack and employees are unable to access the network, it could put your business into terminal decline.

Develop a plan with key stakeholders and explore different ‘what if’ scenarios. Consider whether tasks can be done manually if digital systems are down.

Carry out backups regularly

You may take backups weekly or monthly, but during this crisis, consider whether they should now be taken daily, or even hourly.

It’s good practice to have a copy of the backup offline and disconnected from the network – even if that is a copy held on a cloud-based system.

Communicate with staff

Run regular information campaigns to all staff about the current threats and ask them to report back any phishing or smishing attempts they’ve encountered. This will give you vital insight into the level of threat your business faces.

Consider a ‘no blame’ culture

Some organisations have a zero-tolerance policy for employees clicking on a link in an email. However, it might be a good idea to relax this policy while staff are working from home – employees may be discouraged from calling IT if they think they’ll be disciplined. It will also help you understand how often this happens.

Remember that if you do suffer a data breach, you are a victim of a crime. There should be no shame in admitting that your organisation is being targeted by an organised criminal group during a time of crisis. 

Keep policies up to date

It’s important that all policies are reviewed and refreshed regularly, especially where your cyber risks may have changed. 

What about staff who are on furlough?

Staff on furlough are likely to still have user credentials that allow them to log on to your network while they’re at home. Review who has access and whether they need it. Discuss with your IT team whether those accounts can be suspended until the furlough process is over. 

Implement multi-factor authentication (MFA)

Using MFA means employees must enter a code from a second device to log on to the network. Criminals hoping to gain access to your network usually just steal log-in details and are far less likely to be able to access the network if it’s secured using MFA. 

Plan for your recovery

At some point, the lockdown will be lifted and some form of new normal will resume. Now is the time to think now about what technology you will need, who will need access to your network and why, and what areas they will need access to.

Cyber can be a daunting area but stick to the basics, keep it simple and don’t be afraid to ask for advice.

Cyber can be a daunting area but stick to the basics, keep it simple and don’t be afraid to ask for advice.


Each applicable policy of insurance must be reviewed to determine the extent, if any, of coverage for COVID-19. Coverage may vary depending on the jurisdiction and circumstances. For global client programs it is critical to consider all local operations and how policies may or may not include COVID-19 coverage.

The information contained herein is not intended to constitute legal or other professional advice and should not be relied upon in lieu of consultation with your own legal and/or other professional advisors. Some of the information in this publication may be compiled by third party sources we consider to be reliable, however we do not guarantee and are not responsible for the accuracy of such information. We assume no duty in contract, tort, or otherwise in connection with this publication and expressly disclaim, to the fullest extent permitted by law, any liability in connection with this publication. Willis Towers Watson offers insurance-related services through its appropriately licensed entities in each jurisdiction in which it operates.

COVID-19 is a rapidly evolving situation and changes are occurring frequently. The information given in this publication is believed to be accurate at the date of publication shown at the top of this document. This information may have subsequently changed or have been superseded, and should not be relied upon to be accurate or suitable after this date.





Kelvyn Sampson
GB Industry Practice Leader – Retail and Leisure & Hospitality


Risk Management Executive - Cyber Risk & Crisis Management

Related Services

Contact Us