The Covid-19 pandemic has left businesses vulnerable to cybercriminal activity by creating new attack vectors and disincentivizing security best practices, new data suggests.
A report from consultancy EY based on a poll of 1,000 security professionals claims more than half of businesses deliberately bypassed security measures in order to facilitate remote working during the pandemic.
EY also found that 43% are more concerned than ever about their ability to tackle cyberthreats, while 39% feel their budget is inadequate to shield against increasingly sophisticated attacks. A healthy majority (77%) also said they have witnessed an increase in the number of disruptive attacks in the last twelve months, up from 59% in 2020.
“The speed of change that businesses have had to adapt to this past year came with a heavy price. The need to rapidly transform to survive meant that security was often overlooked,” noted Kris Lovejoy, EY Global Consulting Cybersecurity Leader.
“The risks of simply moving on, especially as businesses look to maintain some of these working practices in the post-Covid era, without addressing these cyber gaps, are very real and increasingly urgent.”
To address these issues, the report suggests businesses should focus on cultivating closer relationships between the security department and other business functions – and in particular, the CEO.
Errol Gardner, Global Vice Chair – Consulting at EY, says building strategic relationships between the CISO and the rest of the C-suite will mean projects are more likely to be implemented in a “cyber-secure” way.
“While CEOs are on a path to realize their vision and transform their business through technology, they can’t afford to turn a blind eye to the cyber risks this poses. At the same time, it falls on CISOs to ensure that CEOs have the right understanding of the value that investing in cybersecurity brings and that they recognize that as an integral part of the transformation journey,” he said.