Skip to main content

Considering the people side of cyber risk amid COVID-19 crisis

Financial, Executive and Professional Risks (FINEX)
COVID 19 Coronavirus

By Dean Chapman | April 28, 2020

First and foremost, the COVID-19 (coronavirus) crisis is about people.

The immediate impact is to individuals’ physical and emotional wellbeing, but it will have an economic impact as well.

People are concerned for their own welfare, their loved ones and their friends. In the same vein, businesses should look to (if they haven’t already) extend care and compassion to their workforces. People are anxious and concerned and in that state are likely to be focused on other priorities. But if organizations are to emerge from this relatively unscathed, it is important they aim to protect, advise and reassure their people where possible.

You can build and strengthen the culture of your business, one that clearly and firmly puts the people at the very epicentre by following these steps which can further help harden your workforce in a cybersecurity sense.

Create a strong link between business culture and cybersecurity

Let’s look at how the business culture impacts your cybersecurity posture. Many global organizations are currently on a work-from-home footing. Depending upon the nature of your industry, it is likely strategies are in place so a displaced workforce can still operate at a close-to-normal tempo. Yes, there will be pressures on your technical infrastructure, network access (VPN) etc. But a bigger concern should be that this could be an entirely new way of working for your people which could be alien to a majority of your workforce who have never had to work from home previously.

Businesses need (a) to be confident in their employee’s ability to effectively work from home and (b) provide them with the tools to be able to deliver. While companies can routinely provide the technology and the network access, it is possible that cybersecurity can still be jeopardised.

Notably, isolation and a feeling of exclusion have the potential to manifest themselves as one of the cognitive biases often associated with cybersecurity attitudes and behaviours. In psychology, cognitive biases are described as mental shortcuts, systemic errors in humans caused by the imperfect manner in which we process information and make decisions.

It is said that we are all shaped by a combination of our environment, our genetics as well as our cognitive ability to process and interpret our perception of our immediate surroundings and the wider world. What does that mean? It means that our decision-making abilities, our attitudes and behaviours are shaped and influenced by our experiences, both past and present. In the current climate, characterized by isolation, exclusion and anxiety, and considering those mental shortcuts we make in a cyber context, this could affect your employees and your business.

Communication is key

A visible (albeit virtual) presence can open up channels of communication (top to bottom and bottom to top), encouraging your workforce and your teams to share their concerns and their ideas with you.

The technology controls you have put in place should fulfil their purpose, but as we are already seeing an upturn in cyber attacks (mainly instances of social engineering i.e. email-based attacks that look to capitalize on this crisis), the “human firewall” is more likely to be under increasing stress. Are you confident that your (now displaced) workers are prepared? If not, it is recommended that you look to provide employees with the information needed in line with your cyber security policies.

Applying efforts to ensuring spirits are kept high and that minds are focused; may well ensure your organization rides out of this storm without any significant security incidents.

Your business culture is going to be key in ensuring your organization keeps ticking over.

Ultimately, your business culture is going to be key in ensuring your organization keeps ticking over and, hopefully, protected within the cyber space through this difficult period of disruption and beyond.


Product Director - Cyber Risk Solutions

Contact Us