Article

Accelerated digitalisation leave businesses susceptible to cyberattacks

The COVID-19 pandemic has significantly changed how both consumers and employees, interact with businesses. It has driven UK consumer consumption patterns online and is likely to accelerate structural changes in sectors such as travel, services and hospitality. Companies have had to suddenly turn to remote working and online channels in response to the lockdown, leaving them vulnerable to cyberattacks.
 

Consumers are likely to continue using digital channels

In the past months, spending intent of UK consumers via digital channels was driven by the lockdown, but even as restrictions ease, almost 40% of consumers plan to use online options to shop in the coming weeks, though concerns about personal data security remain.1


Digital channels were not used just for shopping; consumers have started to learn, work, shop, entertain themselves, connect with others via video chats and even improve their well-being using online fitness and wellness apps. Even traditional in-person business services are shifting online, including medical consultations, education, legal and accountancy services.

During lockdown, 22% of respondents used online banking more than they normally did, 24% said they played online games more and 14% had more phone or video appointments with health practitioners. Over 60% of respondents who used online banking more during lockdown say they are likely to continue doing so at the same frequency, once restrictions have been lifted.2

Consumers are likely to continue using digital channels even as restrictions lift, more than half of UK consumers are likely to continue using digital services such as streaming entertainment (57%) and video conferencing with family and friends (47%). Virtual meetings, whether with a doctor or a personal trainer, are also likely to continue, with nearly a quarter of respondents saying they would use these digital services in the next four weeks.3

The online shift could potentially increase the influence of consumer generated reviews, making it imperative for businesses to respond quickly to any concerns on quality and safety. With both customers and employees more likely to work or shop from home, driven by safety reasons, the pressure on digital security continues to rise.
 

Businesses reel under cyber security concerns

The UK government reported that almost half of businesses (46%) have reported having cyber security breaches or attacks in the last 12 months, ending in March 2020. Among the businesses that identify breaches or attacks, 1 in 5 have experienced a material outcome, such as losing money or data. Almost 40% were negatively impacted, for example, requiring new measures, having staff time diverted or causing wider business disruption. The nature of cyberattacks has also evolved, among those identifying breaches or attacks, 86% had phishing attacks (up from 72% in 2017), 26% were impersonated and 19% had malware and ransomware.

The majority of businesses (80%) said that cyber security is a high priority for their senior management however, not all sectors are equally concerned. The food and hospitality sector and construction sector both tend to treat cyber security as a lesser business priority - only 69% and 70% said it is a high priority, respectively. Businesses in the food and hospitality sector are also among the least likely to put rules or controls in place. For example, fewer said they have network firewalls in place (73%), versus 83% of businesses overall.4

 

Driven by Covid-19, organisations across industries are racing to digitally transform their operations and secure their future. However, hasty decisions related to digital adoption have added substantially to cyber security issues. Cyber security will need to be pushed to the top of the agenda, securing businesses against the vulnerabilities of video conferencing platforms, to the explosion in the use of personal devices on corporate networks. Research indicates that 50% of enterprises were concerned about cyberattacks and data fraud due to a shift in work patterns.5 Each employee who works from home presents a new gateway into a company’s network. Additionally, the functioning of many security teams is likely to be impaired due to the pandemic, making detection of malicious activities difficult and responding to these activities even more complicated. The increased dependency on third party technology providers also poses a risk, as these companies too have had to manage their own pivots to keep up with shifting needs and to institute new ways of doing business.

A study of threat activity on networks showed more intrusion attempts in the first half of 2020 than in all of 2019. The changes observed in the frequency indicate that cyber criminals have adjusted their targets in response to the rapidly shifting economic conditions driven by the COVID-19 pandemic. While retail and hospitality sectors saw a drop, the food and beverage, financial and healthcare industries all saw spikes in interactive intrusion activity. These industries in particular, have experienced a more complex operating environment during the pandemic due to supply chain disruptions and dramatic changes in demand.6


Security vulnerabilities pervade the travel and leisure sector

The travel and hospitality sectors in particular, deal with a myriad of security vulnerabilities from external elements such as mobile payments, biometric information to customer engagement and loyalty apps, live chat, online concierge services, loyalty points or currency, Wi-Fi connectivity and the additional internal elements such as personnel management, stock supply control, points of sale, etc. The sectors also manage huge volumes of personal data such as passport and identification documents that are considered valuable for cyber criminals. Additionally, travellers may put both themselves and their organisations at risk that goes beyond the cost of replacing exploited equipment to criminals accessing sensitive and confidential data through public Wi-Fi and the installation of spyware. Criminals are also pretending to be businesses or using hacked data to take advantage of the uncertainty around coronavirus travel restrictions, offering fake travel deals, refunds and cancellations, to target their victims and commit fraud. Other potential risk is the use of wearable technologies, for instance, theme parks and cruises use sensor technology to create connected, radio-frequency identification RFID-based wristbands that help guests to access areas and make digital purchases. The pandemic will likely result in an increase of these wearables to assist in contact tracing and tracking of visitors as a safety precaution.

The increasing digitalisation and the introduction of advanced technology-enabled solutions, from Internet of Things (IoT), cloud computing, AI, and data analytics in the transport and logistics sector means that this industry, too, has become a target for cybercrime. The existence of the multiple complex links in the logistics chain and the large number of small players handling goods on behalf of third parties also make the sector particularly vulnerable. When it comes to cyberattacks, the most obvious consequences are the loss of products, cargo and freight, and any direct repercussions for the client. However, the impact can be much more extensive, for example, unauthorised use of the freight forwarder’s logistic planning system, misuse of the goods tracking system, the introduction of viruses into the recording applications of radar systems, or even the disruption of nautical navigation systems, can all have vast financial consequences for the company as well as its clients and suppliers.

Another data and cash rich industry is the online gaming and gambling sector, which is a key target for cyber criminals. With video games and gambling apps, hackers gain access to all kinds of potentially lucrative information such as personal data, credit card numbers and in-game purchases. Companies with relatively lax security procedures face high risk from money laundering crimes where hackers can buy and sell using in-game currency or cryptocurrency. Additionally, most companies use low-friction authentication measures across the various access points such as mobile, computer, console or virtual reality sets, because increasing friction drives customer attrition and results in a loss of revenue. From a consumer perspective, gaming and gambling apps are seen as having a low risk and, as a result, tend to be less careful. Adding to these challenges is the fact that developers are pressured to deliver more products at a faster pace, meaning there are more bugs and security issues for cyber criminals to exploit. The industries have very real risks to contend with from network and app-based hacking, data harvesting malware, ransomware, distributed denial-of-service (DDoS) attacks, etc. In addition, new ways of playing, new technologies and the development of cryptocurrencies have the potential to increase the risk further.

Increased connectivity also leads to new cyber considerations in addition to the large amounts of consumer data companies may hold. The proliferation of wearables and connected devices has blurred the lines between technology, operations and the product environment. The potentially serious consequences of cyberattacks in an increasingly digital and connected society are exacerbated by the public relations damage from security breaches that increase major media coverage as well as financial penalties.
 

COVID-19-induced business operating model disruptions intensify cyber risk

In an increasingly connected world, cyber security in any situation will need to be a combination of technology, people and process. Stretching across environments and stakeholders alike, the scope of cyber is vast, complex, and difficult to coordinate. Security and risk management leaders must take pre-emptive steps to ensure the resilience and security of their organisation’s operations as attackers seek to exploit human nature and nonstandard operating modes. As businesses evolve rapidly, the people responsible need to evaluate and manage risks. They will need to continually adjust practices, protocols, training, and contracts both proactively and reactively.

For consumers driven by the pandemic, fast and reliable connectivity and ownership of devices through which they can access digital content, have become more important than ever. Organisations have an opportunity to communicate and engage with a new online audience and support loyal customers using digital platforms. However, for businesses to capitalise on these opportunities they need to ensure cyber safety. Companies will need to reconsider their offerings to accommodate a new security landscape amid major disruption as well as monitor customers’ needs and adjust accordingly. Cyber is more than just a technology issue, but a strategic business risk that now accelerated by COVID-19, will continue to impact every facet of every organisation.

_______________________________________________________________

End notes:

1 Global Sentiment Survey 2020, Deloitte, accessed August 2020.
2 Digital Consumer Trends 2020, Deloitte, release August 2020.
3 Global Sentiment Survey 2020, Deloitte, released June 2020.
4 Cyber Security Breaches Survey 2020, National Official Statistics, released March 2020.
5 COVID-19 has disrupted cybersecurity, WEF, released July 2020.
6 Threat hunting report 2020, Overwatch Crowdstrike, released July 2020

For more specific consumer behaviour insight from our global survey, please access our Global hub.

Did you find this useful?