Skip to main content

Many organizations did not do enough to stay cyber secure during lockdown

(Image credit:

Many businesses failed to take the necessary steps to protect their data during the Covid-19 pandemic, according to a new report from IT Governance and DQM GRC.

Based on a poll of 200 businesses, the report states that a quarter did not train their employees on cyber-risks or privacy threats related to remote working and Covid-19 both prior to and during lockdown.

This is despite that fact that phishing, fake video conferencing platforms and similar scams were rampant during the first three months of the coronavirus outbreak.

The majority of businesses also failed to conduct risk assessment on personal devices their employees were using for remote working before going into lockdown, while more than half didn’t have a remote working policy set up.

Further, almost a third (30 percent) said they weren’t fully confident they would be able to recognize a cyber-incident taking place.

Four in ten businesses described adapting to the pandemic as a difficult task, with four percent admitting they did not cope well with the transition. More than a third believe the situation will never return to normal, and half expect further lockdown cycles.

“The lack of staff training around the cyber risks Covid-19 has presented for remote working is worrying, and we’ll have to wait and see what this results in for organizations further down the line when the potential cyber incidents that occurred during lockdown are discovered,” said Geraint Williams, Group CISO of GRC International Group.

“There are huge consequences for not training staff on how to implement information security at home, and this should have been a priority for all organizations when a mass move to home working became evident."

“When not implemented properly, remote working can also expose organizations to the insecurities of home networks and the potentially unsecure devices used by other household members, which employees may not recognize as hazardous. This means there is a huge increase in the risk of data breaches and cyber security issues, and this new reality makes security awareness and training even more important where working from home is concerned.”