The Risk Coalition

Mind the Gap: cyber security risk in the new normal

March 30, 2021

Cyber security continues to be one of the key risk areas that organisations face. Widespread remote working and the increasing pace and sophistication of cyber-attacks have meant that this risk has been particularly exacerbated during the COVID-19 pandemic. Notably, weakened human defences owing to stress and isolation have left organisations particularly vulnerable to potential attacks. A successful cyber-attack could have a catastrophic impact on organisations' long-term sustainability, particularly during this challenging operating environment for businesses.

This is why the Chartered IIA’s research, Mind the Gap: Cyber security risk in the new normal, aimed to understand what organisations are doing to manage and mitigate cyber security risk, and the role they play in promoting a cyber security awareness culture. 

The findings highlighted a concerning gap between understanding the importance of establishing a strong cyber security culture and the steps that organisations are taking to achieve it.

Almost all respondents (91%) said that implementing a stronger cyber security culture within their organisation would prevent potential attacks.  However, in comparison, only 65% reported that employees at all levels are aware of and recognise their role in cyber security.  Similarly, only a third (33%) of senior internal auditors reported assessing whether their organisation had invested in security training for employees adapted to the new remote working environment. Clearly there is more work to be done here. 

A strong and effective cyber security culture is crucial for organisations’ cyber resilience. Employees are one of the key defences in cyber security and appropriate training can ensure that they understand and play their part in mitigating the associated risks by acting as ‘human firewalls’.  After all, businesses are only as strong as their weakest link.

The impact of the pandemic on cyber security practices has also been highlighted. We know that cyber-attacks can have a catastrophic impact on organisations' resilience. Over half (51%) of businesses have suffered a cyber-attack in the last 12 months that had an impact on products and services. Taking into account the challenges that organisations are currently facing, perhaps it was not surprising that the biggest barriers to implementing better cyber security practices are competing priorities (48%), employees working remotely (42%) and insufficient budget (27%). Clearly this suggests that there could be added value in having strong and effective cyber security culture practices in place to mitigate the impacts of crises on organisations.

A strong cyber security culture, led by the belief that cyber security is not an IT risk but rather everyone's responsibility, would ensure that the associated risks are mitigated in 2021 and beyond. That is not to say that technological controls will not remain relevant. With organisations considering a hybrid way of working beyond the pandemic, a combination of technology and awareness to mitigate human error will be the most effective defence in the new normal.

Kristina Ginkina is Policy and External Affairs Executive at the Chartered Institute of Internal Auditors and author of ‘Mind the gap: cyber security risk in the new normal’ which is available on the Institute’s website at www.iia.org.uk
