The remote work reality shared by millions of Americans during COVID-19 is here to stay. Some experts estimate that the number of full-time employees working from home will expand 733% over pre-pandemic figures by the end of next year⁠—permanently.  This exponential growth will likely continue as increasing numbers of employees come to see remote work as a highly desirable working arrangement. Unfortunately, cybercriminals are keenly aware of this trend and are adjusting their tactics accordingly.

This whitepaper, best viewed in Google Chrome, describes the cybersecurity implications of the coming remote work revolution from a people-focused perspective. Based on extensive Willis Towers Watson research, it highlights four aspects of employee experience that, if deficient, increase the likelihood that an organization will experience a breach:

• Lack of customer focus: Employees in breached companies report less emphasis on the customer, slower responsiveness to customer needs, and fewer proactive efforts to gather and act on customer feedback. 
• Poor adaptability: Employees in breached companies report their companies lack both speed and flexibility when it comes to decision-making and managing teams. 
• Low empowerment: Employees in breached companies report lower favorable scores when it comes to empowering staff through communication, respect, and support for teamwork.
• Inadequate training and compensation: Employees in breached companies report less adequate training for the work they do⁠—specifically, less opportunity to upskill and advance in role⁠—and a need to better align pay with performance.

The paper offers concrete recommendations about how organizations can address each of these challenge areas today in order to advance robust cyber risk cultures that make them safer.  Notably, the recommendations go beyond more traditional “zero trust” approaches that typically involve employee risk assessment, least privilege access controls, and continuous monitoring.  They instead focus on practical human capital strategies that managers can adopt to change remote (and on-site) employee cyber attitudes and behaviors for the better. 

Zero trust and cyber-enhancing human capital strategies naturally complement each other and should be pursued together.  To implement both effectively, organizations must forge greater collaboration among CSO, CISO, CRO, and HR leaders—each of whom has an important employee engagement role to play. 

What’s the bottom line? As the remote work phenomenon accelerates, organizations that get the human element of their cyber risk management efforts “right” will benefit profoundly when it comes to enhanced security, cyber insurance placement, legal defense, and business growth in the months and years ahead.  The ideas outlined in the whitepaper provide a solid starting point for advancing risk culture in a broadened and critical way.

Interested in reading more articles like this? Subscribe to the ISAGCA blog and receive weekly emails with links to the latest thought leadership, tips, research, and other insights from automation cybersecurity leaders.