Just under half (44%) of UK insurance firms and underwriters admit to having inadequate cyber threat visibility and detection systems to protect employees working remotely, according to new research from Doherty Associates.
It found that these firms were “unaware” of the volume of cyber attacks and data breaches impacting their remote workforce. A third of firms felt that their IT environment is more vulnerable to a cyber or data breach with employees working outside the office, yet 58% expect the hybrid office to stay.
The study, examining the cyber and data security practices of 750 UK insurance firms and underwriters, also found that one in five employees are closing more deals and winning more business since working remotely with over a third attributing this to “being able to work faster at home”.
Some 52% of the insurance firms and underwriters polled say their organisation has yet to experience a cyber attack or data breach since transitioning to remote working since the March 2020 lockdown however.
Nonetheless, a quarter of employees said they have been the victim of a data breach or caused one themselves since working remotely, suggesting that employees are not reporting all of the mistakes they make to the firm. One in seven experienced a phishing attack or similar cyber attack and 46% admitted to emailing confidential client information or unencrypted attachments.
Only half of the firms surveyed have carried out a cyber risk assessment since working remotely, and 25% admitted they “can’t guarantee security on every device used out of the office”. Despite this, one in five said the cost of a major cyber or data breach to the business could be anywhere from £10mto £50m “or more”.
“Unfortunately, attacks are common in the insurance and underwriting sector, particularly in this current climate of remote working, and the difference between how many firms are detecting breaches compared to the reality of them occurring does suggest that firms need better cyber defence postures that give greater visibility and detection to keep their remote workforce safe.”
A third of employees in the insurance and underwriters sector surveyed by Doherty Associates said they’ve had no cyber awareness training since the first lockdown and over two thirds admit to ignoring virus security scan requests or computer update alerts to safeguard their company’s systems and sensitive data.
Terry Doherty said: “Operating a remote workforce in the cloud has many benefits, including greater flexibility, diversity and lower overheads, but it’s critical to ensure that teams continue to operate safely, securely and are fully compliant with FCA and GDPR regulations wherever they are working from.
“With the Government’s lockdown roadmap underway, employers are starting to plan for when restrictions ease with many reporting that hybrid working is here to stay. With employees working outside of the office, using a blend of personal and company devices, firms no longer have a single ‘front door’ to protect but a multitude of entry points to secure against cyber criminals. This is why it’s critical for firms to have excellent cyber hygiene.”