Mar 29, 2021

Up to 40% of insurance firms unprepared for remote workers

remoteworkers
workingfromhome
cyberattacks
Insurance
Joanna England
5 min
Up to 40% of insurance firms unprepared for remote workers
Some chief executives also against remote staff citing lower productivity levels and security issues, new study suggests...

The working from home mandate is being questioned by some chief executives as a new report by Doherty Associates, one of the leading IT Cloud Services and Support companies for London and the South East, suggests 44% of insurance firms are inadequately fortified against cyber attacks.

The news comes following Boris Johnson’s recent comments at the Conservatives Virtual Sprint Forum, where he spoke of his support for workers to return to the office. "The general view is people have had quite a few days off, and it wouldn't be a bad thing for people to see their way round to making a passing stab at getting back into the office,” the Prime Minister said. 

The pandemic was expected to prompt a remote working revolution and data shows that in the insurance industry, one in five workers have closed more deals while working from home and more than 50% of firms have not had a cyber breach since March 2020.

However, according to the report, security of data is a huge concern as a worrying 46% of employees admit to having emailed confidential information during this period while a quarter of workers have experienced or caused a security breach and one in seven employees have been the victim of a phishing attack.

Insurance cyber fraud

The study, which examined the practices of 750 UK insurance firms and underwriters as well as 500 employees since March 2020, discovered that one third of firms believe their cyber security, visibility and detection systems are inadequate, while many others were unaware of the volume of cyber breaches currently affecting the remote workforce. 

A third of employees in the insurance and underwriters sector surveyed by Doherty Associates said they’ve had no cyber awareness training since the first lockdown and over two thirds admit to ignoring virus security scan requests or computer update alerts to safeguard their company’s systems and sensitive data.

82% confess to working on a blend of work and personal devices when working from home, with 53% admitting to saving confidential corporate information to these devices. But only 13% of firms have put a block on personal devices for work use.

Despite this, there is strong support for the hybrid, working from home as 58% of the respondents expect the hybrid working arrangements to stay in place, the study found. 

However, this is possibly because 52% of the insurance firms and underwriters polled by Doherty Associates for its report, said their organisation has yet to experience a cyber attack or data breach since transitioning to remote working since March 2020 lockdown.

Working from home in the insurance industry

  • 1 in 5 employees have closed more deals while working from home since March 2020 lockdown
  • Half of firms say they have not had a cyber attack or data breach since March 2020
  • Yet 46% of employees admit to having emailed confidential information during this period
  • A quarter of employees have experienced or caused a data breach
  • 1 in 7 employees have been subject to a phishing attack or similar cyber attack
  • 1 in 5 firms say a cyber or data breach could cost the company from £10m - £50m or more

Speaking about the report findings, Terry Doherty, CEO of Doherty Associates, said the report revealed an interesting combination of positive and negative findings. “It’s great to see that deal making and new business remains strong through the pandemic, thanks to the flexibility and collaboration made possible by the adoption of cloud technology. However, insurance firms and underwriters have always been attractive targets for cyber criminals due to the high value of transactions – and with home and hybrid working they can find themselves more vulnerable than ever.”

However, he pointed out that cyber attacks are becoming increasingly prevalent, particularly in the insurance industry where companies retain sensitive information on their clients. “Unfortunately, attacks are common in the insurance and underwriting sector, particularly in this current climate of remote working, and the difference between how many firms are detecting breaches compared to the reality of them occurring does suggest that firms need better cyber defence postures that give greater visibility and detection to keep their remote workforce safe.”

Terry Doherty continued: “Operating a remote workforce in the cloud has many benefits, including greater flexibility, diversity and lower overheads, but it’s critical to ensure that teams continue to operate safely, securely and are fully compliant with FCA and GDPR regulations wherever they are working from. With the Government’s lockdown roadmap underway, employers are starting to plan for when restrictions ease with many reporting that hybrid working is here to stay. With employees working outside of the office, using a blend of personal and company devices, firms no longer have a single ‘front door’ to protect but a multitude of entry points to secure against cyber criminals. This is why it’s critical for firms to have excellent cyber hygiene.

“For maximum security but minimum disruption to teams, firms should also carry out a cyber risk assessment at least every six months, including penetration testing, to uncover any critical vulnerabilities or compliance issues. They should also ensure that all devices have multi-factor authentication, so employees keep their identity secure while working remotely. And they should build in comprehensive cyber awareness training for every employee, especially if they’re working outside of the office for the first time. Restrict use of personal devices and ensure that no company information is shared via personal cloud storage platforms where documents can easily be forgotten, and just as easily hacked.

Doherty added, “Your company is only as safe as your weakest link and by empowering employees with the knowledge to identify threats in real-time, they can become your greatest security asset and help prevent cyber attacks”

Share article