Skip to main content

COVID-19 cyber risk – how prepared are you?

May 27, 2020

Significant restrictions put in place to limit the spread of COVID-19 dramatically changed the way in which businesses would run.
Risk & Analytics|Cyber Risk Management|Future of Work
COVID 19 Coronavirus

Overnight, offices began to close with staff adapting to working from home. Businesses had to scale up their IT infrastructure, provide laptops with remote login capabilities and identify their most critical activities in order to conserve sufficient bandwidth on the network.

As a result of those additional activities, many businesses are likely to be experiencing a different risk landscape than prior to the COVID-19 pandemic, consequently it may be prudent to review their cyber risks.

What should I be aware of?

Sadly, criminals have been quick to try and monetise opportunities from the pandemic in the UK. Action Fraud (the fraud and cybercrime reporting centre) has reported a 400% increase in fraud and cyber related scams linked to the COVID-19 pandemic in March alone1 . These have taken the form of traditional online shopping scams where people have ordered protective face masks, hand sanitiser, and other products, which haven’t arrived, and over 200 phishing e-mails that encouraged the recipient to click a link and enter personal information.

The losses reported to Action Fraud to these types of scams is significant (£4.3 million up to the 22nd May).2 Employees working from home will potentially be more susceptible to falling for these types of scams as they won’t have the support network to check and validate the “urgent request” that is being asked. It is crucial that you continue to stress the importance to staff around vigilance and reporting when they receive these types of phishing e-mails. Most importantly, if the user has clicked a link embedded within an email, then they should report this to their IT team as a matter of urgency (even where nothing appears to have happened after they clicked the link) as they may have just infected their network.

Action Fraud has published a useful set of themes that fraudsters have used, they include: -

  • Fraudsters purporting to be from a research group that mimics the Centre for Disease Control and Prevention (CDC) and World Health Organisation (WHO). They claim to provide the victim with a list of active infections in their area but to access this information the victim needs to either: click on a link that redirects them to a credential-stealing page; or make a donation of support in the form of a payment into a Bitcoin account.
  • Fraudsters providing articles about the virus outbreak with a link to a fake company website where victims are encouraged to click to subscribe to a daily newsletter for further updates.
  • Fraudsters sending investment scheme and trading advice encouraging people to take advantage of the coronavirus downturn.
  • Fraudsters purporting to be from HMRC offering a tax refund and directing victims to a fake website to harvest their personal and financial details. The emails often display the HMRC logo making it look reasonably genuine and convincing.

Some further useful examples of these phishing e-mails were also published in a news article by the BBC3 , they demonstrate the lengths that criminals will go to in order to capture or disrupt personal and business information.

Ransomware and data breaches

Ransomware and data breaches have always been threats to any business, however with the significant shift to remote working, a network outage due to a ransomware attack or data breach (of any size) during the pandemic could be more significant than before.

It is important that businesses regularly review the type of data they hold, where they hold data, who has access to it and consider using technical security controls such as encryption while the data is ‘at rest’ and in transit around the network. As mentioned earlier, the overnight shift to remote working and upsurge in additional IT devices and applications will have unintentionally redefined the business’s risk landscape. For example, where staff working from home have “smart” devices such as Alexa and SmartTV in their homes, these all have the potential to capture business data.4

The most important thing for customers is that you maintain their trust in your business

The most important thing for customers is that you maintain their trust in your business while you work with them through this crisis, ensuring their data is secure is one of the ways you can do that. In relation to ransomware, it is recommended you maintain regular backups. Consider whether you need to increase the number of times a backup is taken. It is advised that at least one backup is done offline and unconnected to the network; this may help you, should you fall victim to a ransomware attack, and could improve your chances of recovering quickly.

And finally, check you have suitable technical and procedural controls in relation to phishing emails and that staff have an easy way to report these e-mails.

How can Willis Towers Watson help?

Consider the following activities when assessing your cyber security:

  • Has clear guidance been provided to employees on what is allowed when working remotely regarding: printing, cameras, microphones, use of social media and accessing websites.
  • Repeating security guidance frequently as a reminder of good practice.
  • Refresh security awareness training on phishing scams specific to the pandemic.
  • Policies for the use of cameras and microphones for remote teleconferencing may need reviewing.
  • Identify and assess the new risks in relation to previously untested IT third-party suppliers that you now use as a result of the pandemic.
  • The Global Cyber Team at WTW have developed a ‘Pandemic-related Cyber Risk Guidance’ document; this contains a series of practical and actionable recommendations to help our clients navigate and manage their cyber risks during these disruptive times. For more information, or for a copy of the document please email Dean Chapman.


Each applicable policy of insurance must be reviewed to determine the extent, if any, of coverage for COVID-19. Coverage may vary depending on the jurisdiction and circumstances. For global client programs it is critical to consider all local operations and how policies may or may not include COVID-19 coverage.

The information contained herein is not intended to constitute legal or other professional advice and should not be relied upon in lieu of consultation with your own legal and/or other professional advisors. Some of the information in this publication may be compiled by third party sources we consider to be reliable, however we do not guarantee and are not responsible for the accuracy of such information. We assume no duty in contract, tort, or otherwise in connection with this publication and expressly disclaim, to the fullest extent permitted by law, any liability in connection with this publication. Willis Towers Watson offers insurance-related services through its appropriately licensed entities in each jurisdiction in which it operates.

COVID-19 is a rapidly evolving situation and changes are occurring frequently. The information given in this publication is believed to be accurate at the date of publication shown at the top of this document. This information may have subsequently changed or have been superseded, and should not be relied upon to be accurate or suitable after this date.







Risk Management Executive - Cyber Risk & Crisis Management

Contact Us