Establishing work in the home office
The first lockdown was declared in spring 2020, which presented many SMEs with unexpected problems. From one day to the next, they had to completely reorganize their operations and send as many employees as possible to the home office. What was initially seen as problematic turned out to be easier than expected in practice. Small businesses in particular were able to respond well, as a survey showed. Their bosses are unanimously of the opinion that the switch to the home office worked well and that around two thirds of the employees were able to do their work from home very well.
In the meantime, working in the home office has established itself and very many companies have not completely abandoned it. After all, this work variant also has advantages. The work-life balance is better, the risk of infection is lower and many employees are more motivated and efficient when they can organize their time themselves. However, not all that glitters is gold and there are certainly problems. In particular, the risk of cyber attacks was significantly underestimated. Around a quarter of companies have so far been affected by a cyber attack, around a third of which suffered financial damage. Apparently, the companies had underestimated the risks associated with moving jobs to the workers' own four walls.
Apparently there is no risk awareness
One reason for the increased attacks, some of which were successful, could be the lack of risk awareness among many employees. In addition, according to current knowledge, only around half of the companies have an emergency plan on hand that is used if a cyber attack prevents the continuation of day-to-day business. Only two thirds of all companies regularly train their employees on the risks arising from digitization and on cyber security measures. Many SMEs do not yet have a security concept. According to surveys, only one in ten CEOs is aware of the high risk that the entire company can be incapacitated by a cyber attack.
The other managing directors perceive the risk as low or act according to the motto that nothing will happen to their company. The fact is that many SMEs are far too naive and do not take cybersecurity seriously enough. According to experts, there are still many gaps to be closed here.
A total of 503 managing directors were interviewed for the statements at hand; the survey itself was carried out by the GFS Zurich. Digitalswitzerland as the umbrella organization of SMEs, the National Center for Cybersecurity, the University of Economics (University of Applied Sciences Northern Switzerland), Mobiliar and the Swiss Academy of Technical Sciences commissioned the study.
Conclusion: Cyber risk is greater than expected
The relocation of numerous employees to the home office has been very successful since spring 2020. However, it turns out that the risk of cyber attacks has been significantly underestimated. Around a quarter of the companies that have sent some of their employees to work from home have been victims of a cyber attack in the past few months. It is important to make improvements here and to increase employee awareness of such risks. At the same time, the SME insurance should be optimized for this risk.