Category Risk Management

Working Within the New Cyber Normal

15 June 2022 Marsh

Organizations have rapidly shifted to semi-remote working arrangements and thus they must be equally speedy in mitigating the cyber risks created by the expanded “attack surfaces” that have accompanied the “work anywhere” operating models.

To take on the new cyber security challenges of this virtual working environment, organizations must understand the changes in their cyber security risk profile and revamp their strategies, training, and exercises to address these changes.

Marsh Africa CEO Spiros Fatouros discusses four key factors that drive the cyber security risk implications in this new, likely semi-remote, working environment. Organizations should keep these factors in mind when defining how to adjust their cyber security risk programs.

1. An increasing number of cyber attacks
Since the COVID-19 outbreak began, the number of cyber-attacks has soared as hackers have exploited a greater number of weakly protected back doors into corporate systems as well as the human distraction caused by COVID-19-related events. Hackers continue to target key industries. Banks are now fending off nearly three times as many cyber-attacks as cyber criminals flood employees’ inboxes with COVID-19-related phishing emails, often attaching seemingly innocuous files designed to lure unsuspecting employees into executing malware.

2. Changing attack surfaces
The shift to using new teleworking infrastructure and processes may lead to the undetected exploitation of vulnerabilities in existing remote work technologies. Security agencies have warned that a growing number of cyber criminals are targeting individuals and organizations with malware. In addition, cyber risks via business partners and third parties are increasing as well. It is hard enough to prepare internally for a semi-remote working environment but even harder to verify the preparedness of vendors ranging from IT service providers to business process outsourcing firms to law firms.

3. Distracted workforces
A vast number of successful cyber-attacks are caused by human error. Increasingly preoccupied by greater personal and financial stress at home, employees are more vulnerable to cyber threats and “social engineering” cyber-attacks designed to trick them into revealing sensitive information.

4. Multi-stress environment
Security teams are operating in an unprecedented environment in which multiple crises are constantly arising, each demanding significant attention from cyber security and management teams. COVID-19- related challenges will be the baseline for the foreseeable future. Moreover, organizations still have to manage through other crises and stress events, like hurricanes, forest fires, or widespread protests.

Much of the operational shift that has occurred as a result of the pandemic will outlast the immediate crisis and aftermath. To adapt securely, organizations need to understand how their cyber risk profiles have changed and must revamp their strategies, training, and exercises to address threats and minimize risks.

Quick Polls


Each year ordinary consumers and their financial and wealth advisers flock to dozens of asset manager ‘outlook’ presentations to find out about economic and investment trends, and the next ‘hot’ company. What do you want asset managers to share during these events?


Asset allocation strategies
Big picture investment themes and how to position portfolios for them
Investment methodologies and historic fund yields
Share tips by the score
fanews magazine
FAnews June 2022 Get the latest issue of FAnews

This month's headlines

A free smoothie does not make a loyal customer
Consequential loss policy court cases
Everything you need to know about death, disability and severe illness cover post-emigration
Are advisers doing all they can for clients’ portfolios?
Financial advisers need help - navigating the complex ESG fund environment
Subscribe now