Remote work cybersecurity facts show that cyber-attacks are on the rise, as 45% of businesses in the US have suffered a major breach in the past 12 months.
The trend towards remote work increased rapidly during the COVID-19 pandemic. Now over half of the organizations have their workforce spending some time working from home.
Meanwhile, a significant percentage of workers no longer step foot in the office at all.
Indeed, the nature of the Internet and technology has rendered the traditional workplace unnecessary. And while the benefits of a physical office still hold weight, many businesses cut costs by going remote.
Unfortunately, one negative consequence is an increased risk to cybersecurity.
Let’s dive into the most important data!
Worrying remote work cybersecurity statistics
The data on the subject suggests organizations are woefully unprepared.
- During the pandemic, 20% of organizations suffered cybersecurity breaches caused by remote workers.
- 79% of companies feel the increase in remote work is harming cybersecurity.
- Vulnerabilities in third-party software are the prime cause of remote cybersecurity breaches, according to 65% of security and business leaders.
- Companies with more than half of their workers remote require 58 days more to identify and contain cybersecurity breaches.
- The average business cost for breaches linked to remote workers is $1.07 million higher than those in the office.
General remote work cybersecurity statistics
Let’s take a closer look at the current landscape of remote work and cybersecurity.
1. More workers spend time working from home than from the office.
(Source: Check Point)
Remote work is becoming the rule, not the exception. 60% of organizations see more than half of their employees spend at least two days a week working from home.
2. From 2019 to 2021, the number of full-time remote workers rose from 5.7% to 17.9%.
During the height of the COVID-19 pandemic, companies became responsible for the cybersecurity of triple the regular home workforce. Namely, the number of remote employees rose from about nine million to 27.6 million.
3. 94% of organizations allow remote access to work resources from personal devices.
(Source: Check Point)
Even when staff is expected to be in the office, almost all workplaces allow open access to company apps and assets via unmanaged personal devices. That suggests the days of the sole company laptop are over.
4. During the pandemic, 20% of organizations suffered cybersecurity breaches caused by remote workers.
Unfortunately, companies were not properly prepared for the sudden shift to primarily off-site workspaces.
That resulted in 24% of these organizations having to pay unexpected expenses for security breaches of their remote working staff.
5. 79% of companies feel the increase in remote work is harming cybersecurity.
Companies are playing catch-up with their cybersecurity measures as the growing mix of home and work devices adds more ways for threats to emerge.
6. 65% of IT and security professionals say they find it easier to protect company data when staff is in the office.
(Source: Ponemon Institute)
Unsurprisingly, the majority of those responsible for cybersecurity acknowledged that the old way was more secure, and remote working vulnerabilities pose many challenges.
7. On average, it takes 58 days more to identify and contain cybersecurity breaches in companies with more than half of their workers remote.
Businesses must face the reality that remote work leads to more, costlier, and harder-to-fix cybersecurity breaches and adapt accordingly.
8. Tajikistan is the least cyber-secure country to work from, while Denmark is the safest.
Based on 15 criteria, including the number of malware infections and spam emails, Tajikistan experiences the most cyber threats, followed by Bangladesh and China.
On the other hand, Denmark proves to be the safest in that regard.
Causes of remote work cyberattacks
Why is cybersecurity at work better than at home, and what are the primary causes of the problems? Let’s see!
9. 56% of senior IT technicians say employees are more careless with cybersecurity outside the office, and 39% of workers agree.
(Source: Tessian, Verizon)
It’s not just a lack of knowledge about cybersecurity that leads to poor practices at home, it’s apathy. Half of the surveyed workers said they feel less scrutinized by the IT department when at home.
Furthermore, 57% agree they’re more distracted. 52% also admitted to sacrificing the security of mobile devices, including IoT, to meet deadlines and targets.
10. 80% of security and business leaders think moving business-critical functions to the cloud has increased risks.
The cloud has lifted the restrictions on in-house hardware and allowed for the efficient implementation of business software. However, there are inherent risks in relying on resources outside the organization’s full control.
In fact, since the pandemic, 62% of organizations have suffered business-impacting attacks involving cloud assets.
11. 65% of security and business leaders attribute recent cyberattacks to compromised third-party software.
Whether it’s licensed software or random apps used at home by staff, attackers use weaknesses in third-party software to target businesses.
12. Phishing is the threat that has increased the most.
None of the common cyber threats are new to businesses. However, 62% of the security professionals within Microsoft’s commercial organizations said phishing had increased the most since the switch to remote work.
13. 28% of compliance professionals believe the biggest threat is the increased number of devices workers use to access company data.
It’s easier to monitor staff when they’re in the office and use fewer devices to access work.
As seen above, the use of personal devices can result in numerous threats to a business.
14. In the UK, losing a laptop is a bigger threat than ransomware.
(Source: Cisco Systems)
Despite the issue with the number of devices used for remote work, losing them is also a big problem in the UK. Since 2020, the Information Commissioner’s Office has received more than 3,000 reports of lost devices.
Furthermore, UK companies are more likely to be fined for lost data than for data held by ransomware.
15. 47% of employees blame distractions at home for getting tricked by phishing scams.
Lots have been said about home working and productivity. Furthermore, the blending of environments has given rise to unique distractions that aren’t present in the traditional office.
So, while phishing attempts have increased, working from home is also causing more people to fall for them.
16. There’s a cybersecurity skills shortage.
Of 1,223 IT and cybersecurity leaders surveyed, 60% said they struggle to recruit new talent, and 52% have retention issues.
When speaking about digital users, 86% of Americans attempt to remove aspects of their digital footprint by deleting cookies, using VPNs, and encrypting email accounts
Remote work cybersecurity costs
Cybersecurity is certainly expensive, but the losses and cleanup after a breach are the biggest financial risk.
The remote work cybersecurity stats below look at the financials involved.
17. Data breaches linked to remote work cost an average of $1.07 million more than in-office breaches.
At organizations where remote work was a factor in a breach, the financial cost was $4.96 million. On the other hand, in cases where remote work wasn’t a factor, the expenses were around $3.89 million.
18. The average payment made in ransomware attacks was $570,000 in the first half of 2021.
(Source: Unit 42)
The figure for the first two quarters of 2021 was up from $312,000 the prior year. However, the actual payments made by companies were far less than the average demand of $50 million.
19. Most companies now have a dedicated budget for mobile security.
Namely, 85% of companies recognize the security of mobile devices is important and are willing to divert budgets accordingly.
These remote work cybersecurity statistics show growing concern as more and more people start working primarily from home.
Organizations must contend with cloud delivery, third-party software, and the use of an increasing number of personal devices.
All in all, attacks tied to remote workers are harder to detect and cost more to fix, and the market experiences a lack of cybersecurity professionals. So, not a positive overall picture.
20% of organizations surveyed by MalwareBytes could directly trace a cybersecurity breach to a remote worker during the COVID-19 pandemic.
Cybersecurity is essential for remote workers because any threats they face at home can impact their employers. Namely, that could lead to the stealing of sensitive data, financial loss, and damage to the organization’s reputation.
Working remotely poses similar risks to anyone using the Internet or local networks. As the remote work cybersecurity statistics show, malware and ransomware attacks, phishing scams, and unauthorized access to devices and networks are all key threats.
Remote workers may be particularly vulnerable because they often use personal devices and home networks that don’t have the same level of security as a workplace network.
Additionally, home workers are more isolated from their colleagues and employer security policies, leading to a more apathetic attitude. That makes it more likely to fall for social engineering attacks, such as fake emails or messages.