Which Industries Are Experiencing the Most Cyber-Attacks Working From Home?

Specops Software discovered that 41% of employees have not been provided with adequate cyber security training whilst working from home. As a result, Specops Software surveyed 2,043 business owners across 11 different sectors to discover which sector had the highest number of cybercrime threats or attempts since employers have had to work from home.

Specops Software found that 54% of business owners have seen a rise in cybercrime threats, with every sector reporting phishing as the most prevalent attack attempt since COVID-19. Despite this, 52% of businesses would consider a switch to permanent remote working for employees.

The Biggest Security Concerns for Businesses

  • Ransomware – 96%
  • Crypto jacking – 74%
  • Phishing – 67%
  • IoT attacks – 48%
  • Cyber-physical attacks – 39%

Cybercrime Threat Rates by Sector Since Working from Home



Businesses who have seen an increase in cybercrime threats Businesses who would consider permanent WFH
Computer and IT 78% 85%
Medical and Health 73% 32%
Accountancy, Banking and Finance 67% 58%
Charity and Voluntary Work 62% 25%
Customer Service 55% 64%
Marketing, Advertising and PR 53% 79%
Legal Services 47% 28%
Recruitment and HR 44% 79%
Creative Arts and Design 43% 69%
Education and Training 36% 33%
Travel and Hospitality 31% 23%

Almost 4 in 5 (78%) business owners in the computer and IT sector have reported an increase in threats since lockdown. Despite this, working from home still appears to be a viable option for many, as 85% of employers in this sector would consider permanent remote working.

Unsurprisingly, more than 7 in 10 (73%) businesses in the medical and health sector have reported an increase in cybercrime threats since lockdown began. The sector is still highly vulnerable and concerned about future attacks. Therefore, only 32% of businesses in this sector would consider remote working for employees.

Interestingly, 67% of those in the accountancy, banking and finance sector have seen a huge increase in threats, making them the third most likely sector to encounter cyber-attacks whilst working remotely. The sector least likely to encounter cybercrime threats whilst working from home is the travel and hospitality sector, with only 31% noting an increase.

Due to Covid-19, hundreds of thousands of employees have been furloughed or made redundant, therefore making the sector less of a target for cyber-criminals. Despite this, only 23% of employers would consider permanent work from home schemes as businesses start to get back on their feet.

How Can Businesses Stay Safe And Reduce Cybercrime Threats?

Specops Software’s cyber security expert, Darren James, has provided some expertise about how businesses can stay safe:

  1. Make use of tools that can check your current passwords for ones that are on existing breached lists. Encourage users that are using breached passwords to change them.
  2. Encourage the use of passphrases e.g. 3 random words, block the use of any breached passwords and if you are planning on increasing expiry times to avoid the “cached password” issue, look at using these longer expiry times as a way of rewarding the use of passphrases. Also consider reducing complexity as a balance for increasing the length to try an avoid users writing passwords down on post-it notes.
  3. Another common attack vector post COVID, are social engineering attacks on service desk staff. Users are no longer able to visit IT departments in person and maybe calling from public numbers rather than internal, so making sure that your service desk is actually speaking to “Susan from Accounts” and not a hacker is very important, the days of being able to “recognise the voice” isn’t a viable option any more.
  4. Don’t forget to enable disk encryption on all devices that handle corporate data, this includes mobile devices, and use restrictions to block logins from disallowed countries or non-compliant devices.
  5. Don’t forget the basics, make sure you have backups of all business-critical data. Make sure you test the backups and make sure you store those backups in a secure location and in an encrypted state. Review permissions to sensitive data both in the cloud and on prem, to make sure that the right people have the right access to the right data.

Content provided by Specops Software