You already knew remote workers increase the risk of cyberattack. New data spells out exactly what the impact of a remote workforce is on data breaches and the cost to remediate.
The hybrid workforce is here to stay, so it’s important to understand the ramifications to cybersecurity in order to better assess the risk posed. I’ve written before about how remote workers adopt bad cybersecurity habits while working from home, as well as the increase in security threats because of remote working. But now we have concrete data that shows when a remote workforce is involved in causing a data breach, the results are far worse.
According to the IBM Security’s 17th Annual Cost of a Data Breach report, the average data breach now costs $4.24 Million – an increase of nearly 10% from last year’s average of $3.86 Million. This latest version of the report takes the time to carve out the impact of having a remote workforce. According to the report:
- 5% of the data breaches involved remote workers
- The average cost of a breach was $1.07 million higher in breaches where remote work was a factor in causing it
- Organizations with more than 50% of their workforce working remotely took 58 days longer to identify and contain breaches (and it should be noted that the average number of days is 287, making this nearly a year’s time!)
Now, the answer here is not eliminate the remote workforce. Instead, look at what’s causing the breaches and put controls and solutions in place to stop it.
According to IBM Security, the number one initial attack vector in successful data breaches is compromised credentials – something most phishing emails are after. It’s imperative that organizations address these documented risks in a way that elevates the remote workforce’s security stance, regardless of the location or device they work on. This should include Security Awareness Training to enhance the workforce’s sense of vigilance when interacting with email and the web, reducing the risk of attacks intent on compromising credentials and causing a data breach.