Product Family

What will the cyber landscape look like now that a pandemic has hit?


Just as criminals prey on victims when they are at their most vulnerable, for example, after a natural disaster, COVID-19 will be no different. Since the pandemic hit, we have seen an explosion of phishing and malware campaigns, with many of our own contacts reporting up to a 300 percent increase in phishing attacks since February 20201  (many posing as COVID-19 information or resources).

The uptick in attacks couldn’t be happening at a worse time. As businesses operate from remote locations, IT resources are stretched thin and employees, facing a multitude of new challenges working from home, will invariably struggle to remain as vigilant to cybersecurity threats as they are under normal working conditions. 

And yet, it’s at times like these when more than usual vigilance is required. Employees working remotely may have less secure connections, including Wi-Fi connections and shared devices. Remote workers will also have plenty of distractions that can divert attention and increase the likelihood of a phishing email being overlooked.

In the short term
Under regular circumstances, corporations globally suffer cyber losses amounting to trillions of dollars annually. For example, according to one study, the forecast for the global cost of cyber crime pre-pandemic was expected to exceed $2 trillion in 2020. Now that companies are thrust into conducting business from multiple locations with little or no preparation, that number is likely to increase.

As companies rely on unfamiliar technology, such as video conferencing tools, and as employees connect to company servers using unsecured devices, increased opportunities for cyber attacks will continue to push that total higher.

Other areas of vulnerability include:

  • Online video and chat sites
  • Home routers and Wi-Fi connections
  • Mobile devices (typically, these have less security)
  • Popular apps, including shopping apps, that could have security gaps

While all industries are vulnerable, hackers are paying particular attention to organizations in and around the health care, pharmaceutical and research sectors, while also targeting academia, financial institutions and e-commerce businesses.

As IT professionals scramble to update systems, install patches, and help businesses secure remote operations, hackers will increase their efforts to gain access to company networks via any method they can.


Looking ahead, we forecast the following trends...

Looking ahead, we forecast the following trends:

  • Increased scope for social engineering: Social engineering has always been a successful attack vector for hackers. Hackers will know that employees will now need to communicate with IT and with management remotely, and they will look to exploit that need. Hackers can pose as IT support, as representatives of the company’s financial departments, or as managers in the company requesting sensitive company information, for example.
  • More opportunity for physical access-based attacks: With offices now standing empty, these are now also highly vulnerable. Hackers may attempt to gain physical access and either steal your devices or easily install malicious hardware or software on them.
  • Software vulnerabilities: Manufacturers are rushing out new update releases or new software versions in an attempt to respond to businesses needing remote operational capabilities. However, there may be overlooked security issues that emerge from this. The same applies to current software. If security updates are rushed without proper testing, your systems may be even more vulnerable once your company devices are updated.
  • Theft of video conferencing credentials: As each employee logs on to your video conference app or website, a hacker could be looking in, as well. Hackers can post video conferencing credentials on the dark web, which leaves your company’s proprietary information – and in some cases, your entire systems – open for anyone to steal. When setting up video conferences, be sure to use passwords and use the waiting-room feature so that you’re able to screen who is attempting to join your meeting. For optimum safety, change passwords for each video conference.
  • COVID-19 phishing messages: While phishing attempts were already a problem pre-pandemic, remote workers can now expect to see emails impersonating officials from the Centers for Disease Control and the World Health Organization, among others. Once an employee clicks on a link, they could be taken to a website that looks legitimate but is actually a dummy site set up by hackers to mirror sites of legitimate organizations. Hackers recently constructed one such dummy site to mirror that of the Internal Revenue Service’s site for government stimulus payment information.

Protecting your remote operations
How should companies be addressing these heightened cyber security risks with employees? Consider taking the following steps:

  • Talk to employees: Open the lines of communication with your employees about the risks they face. Many companies are setting up conference calls and email threads that discuss these heightened risks and what employees should do if they encounter a suspicious email or other request. Depending on the type of business you operate, the frequency of that communication will vary.
  • Reinforce communication: No matter how often you talk with employees, do follow ups on email communications with a video conference. Employees can then discuss how to best address potential threats, and they can be part of building the reporting process. Conference calls are a great time to emphasize that no concern is too small. Over-reporting of any potential issue should be encouraged.
  • Establish a clear reporting process: When an employee receives a suspicious email or phone call, what should they do with it? Your employees need to have a way to report suspicious activity that includes:
    • Where to report
    • What actions they need to take
    • How the report will be handled
    • When they can expect a response
  • Simplify the process with automation: Set up a dedicated email inbox that routes emails directly to the IT support staff and determine a response time that fits within your organization’s capabilities. Some companies are able to offer 24-hour support, but that may not be feasible for your company. Some organizations have icon-style buttons on their email applications that allow employees to move any suspicious email easily into a dedicated portal that is controlled by IT. The IT team can then examine the email and determine its legitimacy.
  • Educate your workforce: The most critical – and the most often overlooked – aspect of cybersecurity is educating and training the workforce. In order to report issues, your employees need to understand how to identify them. Even in a remote environment, your company can help employees spot phishing emails through tabletop exercises and quizzes to assess their level of preparedness. Follow-up video conference calls can reinforce your company’s cyber best practices.
  • Set clear expectations: Set clear expectations on what your employees can and cannot do. With additional platforms and applications, employees can become frustrated quickly with having to remember login credentials for each system. You should therefore emphasize the importance of not disabling encryption and password protection in software. Do not allow any employee to reconfigure devices to remove some of their security protocols. These systems are essential to protecting company data.

Remote cybersecurity, today and beyond
As the impact of the COVID-19 pandemic continues to drive businesses into remote operations, cyber criminals will be emerging in greater numbers and attacks will rise in frequency. The sharp spike in phishing and malware attempts can be expected to continue well into 2020 as the world grapples with both the health risks and the economic impact of COVID-19

Whether businesses are operating remotely on a temporary basis or more permanently in the future, cyber crime will continue to be a threat to their viability. By increasing your employees’ awareness along with your company’s own diligence, you can add an extra level of cyber protection and keep your business thriving through this period of uncertainty.

To contact the author of this story, please complete the below form

Invalid First Name
Invalid Last Name
Country is required
Invalid email
Invalid Captcha

Global Asset Protection Services, LLC, and its affiliates (“AXA XL Risk Consulting”) provides risk assessment reports and other loss prevention services, as requested. In this respect, our property loss prevention publications, services, and surveys do not address life safety or third party liability issues. This document shall not be construed as indicating the existence or availability under any policy of coverage for any particular type of loss or damage. The provision of any service does not imply that every possible hazard has been identified at a facility or that no other hazards exist. AXA XL Risk Consulting does not assume, and shall have no liability for the control, correction, continuation or modification of any existing conditions or operations. We specifically disclaim any warranty or representation that compliance with any advice or recommendation in any document or other communication will make a facility or operation safe or healthful, or put it in compliance with any standard, code, law, rule or regulation. Save where expressly agreed in writing, AXA XL Risk Consulting and its related and affiliated companies disclaim all liability for loss or damage suffered by any party arising out of or in connection with our services, including indirect or consequential loss or damage, howsoever arising. Any party who chooses to rely in any way on the contents of this document does so at their own risk.

US- and Canada-Issued Insurance Policies

In the US, the AXA XL insurance companies are: AXA Insurance Company, Catlin Insurance Company, Inc., Greenwich Insurance Company, Indian Harbor Insurance Company, XL Insurance America, Inc., XL Specialty Insurance Company and T.H.E. Insurance Company. In Canada, coverages are underwritten by XL Specialty Insurance Company - Canadian Branch and AXA Insurance Company - Canadian branch. Coverages may also be underwritten by Lloyd’s Syndicate #2003. Coverages underwritten by Lloyd’s Syndicate #2003 are placed on behalf of the member of Syndicate #2003 by Catlin Canada Inc. Lloyd’s ratings are independent of AXA XL.
US domiciled insurance policies can be written by the following AXA XL surplus lines insurers: XL Catlin Insurance Company UK Limited, Syndicates managed by Catlin Underwriting Agencies Limited and Indian Harbor Insurance Company. Enquires from US residents should be directed to a local insurance agent or broker permitted to write business in the relevant state.