Hiscox: Organisations Tackle Growing Cyber Security Risks

Business leaders now identify insider threats as the most significant risk to cyber security, according to research from specialist insurer Hiscox.

The company’s annual Cyber Readiness Report reveals that 70% of UK businesses experienced more cyber-attacks in the past 12 months compared to the previous year, highlighting the growing challenge organisations face in maintaining robust security postures.

Hiscox report identifies workplace cyber risks

The shift towards flexible working arrangements has created new vulnerabilities that require attention from security teams. Office for National Statistics data shows that 26% of UK workers now operate in hybrid environments while 14% work remotely in 2024, increasing potential attack surfaces for organisations.

“Agile and remote working has become the norm across many industries now. But, between joining public Wi-Fi networks in cafes and on trains, to working on the go on a smartphone, businesses are notably more vulnerable to cyber-attacks,” comments Alana Muir, Hiscox’s Head of Cyber.

As Alana adds, mobile devices present particular concerns for organisational security: “Mobile phone access to business documents carries especially significant security risks.

"Users unknowingly raise the risk of malware infections on their phone when downloading apps and opening links on texts and emails from unverified sources, creating security weaknesses. Knowing how to work responsibly on personal and work devices is crucial to reducing potential business compromise.”

ZTNA implementation gains momentum

Google Trends data indicates growing interest in Zero Trust security approaches, with searches for Zero Trust Architecture increasing by 34% in the current quarter (11% year-on-year). Similarly, interest in Zero Trust Network Access (ZTNA) has grown by 19% this quarter, with global search volumes reaching almost 100,000 monthly – representing a 22% increase year-on-year.

This aligns with Hiscox’s findings that two-thirds of firms plan to implement Zero Trust Architecture by 2030, recognising the need for more stringent security controls in today’s threat landscape.

Jacob Kavlo, Co-Founder and CEO of Live Proxies, explains: “A Zero Trust security model best arms an organisation against modern threats. The ‘never trust, always verify’ attitude to users and devices means every access request must be authenticated and authorised.

"This approach presumes threats can come both from outside and inside an organisation, making strict identity verification, least privilege access, and continuous monitoring essential components of a resilient strategy.”

Mobile working protocols require comprehensive measures

Expert guidance suggests organisations should establish clear policies regarding which documents can be accessed via mobile devices. The risks associated with mobile access to certain documents cannot be overlooked, according to security professionals.

“Some categories of documents, such as high-level financial records, proprietary research, or strategic planning documents, should never be accessed on a mobile device unless unavoidable,” says Jacob.

“This is largely because mobile devices are considered less secure than desktops and laptops that may run comprehensive antivirus and firewall software. Particularly, if the mobile phone’s access is not company-managed, it may not have robust endpoint security measures.”

For employees who must work remotely, Jacob recommends layered security approaches: “Generally, any public network, whether it is secure or unsecured, can expose someone's data to possible interception.

"Cyber attackers can easily access data being transmitted over these Wi-Fi networks through methods like ‘man-in-the-middle’ attacks, where an attacker can position themselves between a device and the network. They can capture data in transit to read, modify, or steal sensitive information without either party noticing it.”

The combination of multiple security technologies provides the most robust protection for remote workers. “If working remotely, using Virtual Private Networking makes an attacker’s job harder. With a VPN, if someone does manage to intercept the internet connection, they won’t be able to read the data being sent because it's encrypted,” Jacob explains.

“However, I highly recommend implementing endpoint protection, VPN access and multifactor authorisation (MFA) all at once to achieve maximum security.

"Endpoint protection will oversee the security of the device from malware and unauthorised access, while VPNs will protect data in transit, and MFA will add another layer of verification to ensure that only authorised users have access to sensitive information. All three together create a wheel of security that makes data breaches infinitely harder.”

Beyond technological controls, human factors remain critical in establishing effective security programmes. Hiscox has focused on addressing this element through education initiatives.

“Cultivating a cyber-aware culture among employees, contractors and business partners has never been more imperative,” says Alana. “By making cybersecurity a shared responsibility, businesses can better protect themselves and their clients from costly cyber incidents.

“Regular staff training means everyone can recognise phishing attempts, set secure passwords, and understand their role in safeguarding the business. Establishing clear protocols also gives everyone the confidence to act swiftly if a threat arises.”

This focus on training has led Hiscox to develop educational resources for organisations. “This is a key area of focus for Hiscox, not only in our own business but with our customers.

"The Hiscox CyberClear Academy has been providing online cyber awareness training for policyholders and their teams since 2017 to over 36,000 people from 7,000 organisations to help reduce cyber security compromise,” Alana says.

Explore the latest edition of Cyber Magazine and be part of the conversation at our global conference series, Tech & AI LIVE and Cyber LIVE.

Discover all our upcoming events and secure your tickets today.

Cyber Magazine is a BizClik brand