Survey Suggests Businesses are Overconfident About Their Security During COVID-19


Hackers and scammers are capitalizing on increased online activity during the novel coronavirus pandemic but security officials don’t seem worried.

Cybersecurity officials and business decision-makers may be overestimating the state of their security in the wake of the COVID-19 pandemic, according to findings from a global survey released this week by cyber firm CrowdStrike.  

CrowdStrike’s Work Security Index found that 89% of the more than 4,000 decision-makers across nine countries polled in mid-April believed their devices were secure against cybersecurity threats while working at home. Half of those surveyed said they believed the likelihood of their business experiencing cybercrime was less or roughly the same during the COVID-19 pandemic, even as 60% of those working from during the crisis conduct work from home on personal devices.

However, the survey—conducted by YouGov on behalf of CrowdStrike—suggests decision-makers may be overconfident in their views. Separate CrowdStrike data tabulated twice as many cyber intrusions in the first quarter of 2020 as there were in all of 2019. Moreover, the company is tracking a 100x increase in the attempted distribution of COVID-19 themed malicious files over the past month.

“Cybercriminals are using people’s fear and shifted workplace environments to benefit themselves financially through the use of stolen data. We have seen a rise in COVID-19-themed scams, phishing and even disinformation campaigns, and there’s no sign of these attacks slowing down,” Michael Sentonas, chief technology officer at CrowdStrike, said in a statement. “As more work is conducted from home, businesses must stay vigilant and take necessary precautions to maintain security of their networks, devices and data.”

According to the survey, the results of which CrowdStrike will publish in a blog post in mid-May, officials may be further overestimating their security due to lack of guidance from leadership. More than half of those surveyed said their company had not provided additional cybersecurity training on the risks of remote work.