Human error poses cybersecurity challenges for 80% of businesses during the COVID-19 pandemic

The Long and Winding Road to Cyber Recovery

Eighty percent of companies say that an increased cybersecurity risk caused by human factors has posed a challenge during the COVID-19 pandemic, particularly in times of heightened stress. This is according to Cyberchology: The Human Element, a new report that explores the role employees and their personality play in keeping organisations safe from cyber threats. Including that:

Cybercrime has increased by 63% since the COVID-19 lockdown was introduced
Human error has been the biggest cybersecurity challenge during the COVID-19 pandemic, according to CISOs
Just a quarter of businesses consider their remote working strategy effective
47% of people are concerned about their ability to manage stress during the coronavirus crisis

Cyberchology research investigates the attitudes of 2,000 consumers and over 100 Chief Information Security Officers in the UK, with psychological research examining the link between cybersecurity, personality, and stress in a virtual world. Cyberchology is a partnership that has been running since 2019 between ESET, IT security provider, and The Myers-Briggs Company, one of the world's leading business psychology providers.

The report found that 75% of companies say that half of their business is being undertaken by employees who are now working remotely – but weren't doing so before COVID-19, showing a highly dispersed current workforce. With CISOs reporting a 63% increase in cybercrime since the COVID-19 lockdown began, and remote working here to stay for many employees, businesses are more at risk than ever.

Meanwhile, the report found that over two thirds of consumers were concerned about their cybersecurity but didn't know what to do about it, and nearly half of respondents were concerned about their ability to manage stress during the pandemic. Stress affects different personality types in different ways, meaning that each individual employee has their own specific blind spot when it comes to cybersecurity. As the pandemic has raised stress levels, staff members may be more likely to panic and click on a malicious link, or fail to report a security breach to the IT team, depending on their personality type.

The paper therefore encourages businesses to implement a holistic cybersecurity strategy that takes individual personalities into account.

Discussing the findings of the Cyberchology paper, Jake Moore, Cybersecurity Specialist at ESET, stated: "Remote working has brought greater flexibility to the workforce, but has also dramatically altered business processes and systems. The combination of fractured IT systems, a lack of central security, the sudden shift to home working, and a global climate of stress and concern is a perfect breeding ground for a successful cyberattack. The fact that only a quarter of businesses have faith in their own remote working strategy is shocking, and shows there is much work to be done to secure working from home."

John Hackston, Head of Thought Leadership at The Myers-Briggs Company, commented: "Cybersecurity has long been thought of as the responsibility of IT departments alone, but in order to build a holistic cybersecurity strategy that accounts for the human factor, IT and HR departments must work together. Using psychometric testing and self-awareness tools, HR can help to identify the makeup of teams and pinpoint potential vulnerabilities. IT teams can use this insight to create comprehensive security protocols and a proactive cyber strategy to stay one step ahead of potential threats."

You can read the full paper here.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.