top of page

Survey highlights cyber security risks of remote working

Work from home: why we’re still banging this drum as we learn to live with and work through these weird post-pandemic times.

We’ve posted numerous blogs on remote working, returning to work, and then WFH again.

But now, following the results of a survey by software provider Dilligent, we have yet more scope to raise the topic once more…and it probably won’t be the last time, either.

The thing is, maintaining an element of remote working beyond the pandemic is a prospect for many UK organisations. It’s important, therefore, that people remain conscious of the potential cyber security risks attached to working from home.

The numbers from the survey were big. It revealed that:

  • UK businesses lost £374 million in 2021 due to cyber breaches largely linked to staff working from home.

  • 450 senior finance and risk professionals at UK-listed companies responded to the survey.

  • 64% of respondents said their company had experienced a cyber attack or data breach in the last 18 months.

  • Out of those who reported an attack or breach, 82% said tech issues or behaviour linked to remote working was the cause, and 75% said they had lost money as a result.

The NCSC, typically, has some advice. Their home-working guidance urges organisations to make security considerations unique to remote working environments around the use of business tools, including VPNs and SaaS applications, as well as security threats like phishing.

They have also produced a ‘Top Tips for Staff’ e-learning training package for organisations to share cyber security best practices with their staff.

Organisations can test their defences against a cyber attack linked to remote working by using the NCSC’s free Exercise in a Box toolkit.

We also have further reading on working from home below:



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page