Fighting Fatigue: A Whitepaper On Cyber Risk And Wellbeing

Discover how the impact of remote working on wellbeing affects company cybersecurity imperatives.

We've gathered insights from over 43 sources to provide the latest answers on the link between remote working and cyber risk.

In 2020, the arrival of Covid-19 completely altered everyday life, rapidly transforming the business landscape and pushing most commerce and communications online. This has impacted companies in several ways.

Businesses have dramatically accelerated the digitalisation of their supply chain and customer interactions, with McKinsey revealing that organisations are now 3 to 4 years ahead of their digital transformation projections.

The study also reveals that 55% of global products and services are now partially or fully digitised, with 58% of customer interactions taking place digitally.

During the numerous UK lockdowns in 2020, an estimated 46.6% of employed individuals experienced working from home in some capacity.

Although remote working was initially considered a temporary solution, an early Gartner survey indicated it would have a longer-lasting impact, with 82% of companies planning to allow their employees to work remotely at least one day a week.

The Dangers Of A Digital Approach

As businesses establish long-term plans for their hybrid and remote workforce, a key concern remains the security of maintaining a working-from-home approach.

According to research, workers have faced several IT challenges, including:

• 44% with poor connectivity
• 41% with lack of IT support
• 30% with difficulty navigating technical problems

These issues have affected company efficiency, with 54% of employees reporting lost periods of productivity.

Additionally, concerns over security measures are at an all-time high, with 78% of senior IT personnel believing their organisations lack sufficient protection and 20% of business leaders admitting that data breaches are their top cyber concern.

With employees working across different locations, the traditional ‘castle and moat’ approach is no longer viable, offering companies less direct control over cybersecurity.

However, the potential negative impact from remote working stretches beyond IT. Studies are beginning to explore the psychological impacts of remote working on employees, how this affects a company’s overall cybersecurity, and what business leaders can do to counteract this.

How Has Remote Working Changed The Average Workday?

With remote working blurring the lines between home and the office, 56% of employees find it increasingly difficult to switch off after their working day.

Known as the ‘always-on approach’, remote employees are spending more time working, with a study by the Office of National Statistics revealing that they work an average of 5 hours a week more than office-based employees.

Longer remote work hours have led to increased reliance on communications tech, with businesses seeing a 50% increase in overall email use.

Employees now spend an average of 28% of their day reading and responding to emails, with 36% of home workers reporting that they constantly need to be at their computers to respond quickly to messages.

This has caused the average workday to be extended by 48.5 minutes, with 92% of employees who work from home stating they reply to emails outside of office hours.

When remote workers were asked how they felt about this increased use of email, 89% revealed it was one of the most unpleasant aspects of working remotely, with 54% stating they would rather tackle a commute to work than keep organising their email and other message notifications.

Curious about how much time you spend on email? Check out this handy calculator.

Email use is not the only form of communication that has increased. Company use of video chat has grown by 54% since Covid-19 began, with Microsoft revealing that time spent in weekly virtual meetings has grown 150% in the past year.

However, despite the increase in meetings, a study by Harvard Business School shows that overall productivity in meetings has decreased. One-third of workers feel that video calls are one of the most unpleasant parts of their day, with 44% wishing they had more meeting-free days.

The Impact Of Working From Home On Employee Wellbeing

Although remote working has provided many benefits, the combination of extended hours and increased use of digital communication has significantly impacted employee wellbeing, with an estimated 44.4% of remote employees experiencing a decline in their mental health since the start of the pandemic.

Research has also shown that those working from home are 30% more likely to experience a decline in their mental health compared to office-based employees, with fatigue and stress being common.

Feeling high levels of fatigue has increasingly become the norm for those working from home, with 37% of employees experiencing disturbed sleep and 52% feeling they are not getting enough rest overall.

According to SHRM research on the impact of Covid-19 on employee mental health, this has led to:

• 35% feeling tired or having little energy.
• 41% feeling burned out from their work.
• 45% feeling emotionally drained from their work.
• 44% feeling used up at the end of a workday.

This lack of energy and motivation has been felt most strongly during email and video calls.

London South Bank University has found that staff energy levels deplete significantly faster when working from home and engaging in extensive online communication. ‘Email fatigue’ is predicted to be the main reason that one-third of office workers will eventually quit their jobs.

In the UK alone, 800,000 people experienced work-related stress, anxiety, or depression in 2020-21, with an estimated 17.9 million working days lost each year due to mental health-related absences.

For staff working from home, 41% consider themselves highly stressed, compared to 25% of employees who work on-site.

Email is seen as a significant contributor to this stress.

A study that involved monitoring employee heart rate during computer use revealed that the more time spent on email in an hour, the higher their stress levels for that hour.

Additionally, employees report increased anxiety when frequently exposed to after-hour emails, as they induce a feeling of ‘anticipatory stress’.

Staff find themselves constantly alert and waiting for a message to come through, even when they are off the clock, negatively impacting time that should be restful and work-free.

How Does Low Employee Wellbeing Affect Company Cybersecurity?

From a cybersecurity perspective, it becomes clear why an organisation may not be as secure as it believes. Mistakes often contribute to cyber risk and damage within an organisation, often categorised as ‘human error’.

43% of employees have admitted to making mistakes that resulted in cybersecurity repercussions for their company.

Wellbeing should be a crucial part of any cybersecurity strategy, with human error being the leading cause of data breaches in 2020, accounting for 90% of all reported cases.

When considering how low mental health affects an employee’s capacity to work, research has shown that:

• 40% of employees make more flawed decisions.
• 30% cannot concentrate on tasks as well as they should.
• 26% admit to being less productive throughout the day.
• 41% make more mistakes when they are tired.

Fatigue And Cybersecurity

Burned-out employees are:

• 3x as likely to feel that security rules and policies are not worth the effort.
• Almost 2x as likely to pick easy passwords and reuse them for all their accounts.

When sending company emails:

• 58% of employees have sent an email to the wrong person.
• 44% of those workers cited fatigue as the main contributing factor.

Research has revealed that stress can deeply affect our short and long-term memory. When considering the implications this can have on cybersecurity, stressed individuals may be more likely to forget:

• Cybersecurity or compliance training they have completed.
• To check inbound messages for fraudulent links or files.
• To check outbound messages that include sensitive data are being sent to the right recipient.

Why Should You Care?

Neglecting employee wellbeing can have serious implications for cyber risk. So, what are the consequences for organisations that overlook this?

Cost: Cybercrime is estimated to cost the UK £27 billion per year.

Compliance: Failing to meet compliance measures can result in hefty fines from regulatory bodies, with UK GDPR breaches carrying a maximum fine of £17.5 million or 4% of annual global turnover.

Customer Loss: Your organisation's reputation is at risk when associated with a breach of client data, with 20% of companies losing customers due to mistakenly sending an email to the wrong person.

Company Downtime: When experiencing a cyberattack, organisations often face substantial periods of interruption, with the average downtime period around 22 days long.

How To Tackle Poor Employee Wellbeing: Company Culture

To address the rising issue of employee mental health, improving company culture and technology will play a significant role.

There is a worrying lack of support and resources for those suffering from work-related mental health issues.

In a recent survey, less than 1/6 of employees felt their mental health was being well supported, with 51% of respondents feeling the need to put on a brave face at work.

In fact, 68% of workers would rather talk to a robot than their manager about any stress or anxiety they are experiencing.

More comprehensive support should be available to vulnerable workers. 78% of surveyed employees agree that their company should do more to listen to their needs.

With remote working, people lose crucial transition periods between work and home, leaving employees struggling to switch off from work and increasing feelings of fatigue.

In a survey, remote workers at SMEs were asked what their companies could do to help prevent burnout. The responses focused on balancing work-life, with top suggestions including:

• Keep work expectations within working hours - 59%
• Encourage fitness/wellness programs - 59%
• Organise regular ‘fun breaks’ with colleagues - 46%
• Reduce large workloads - 41%
• Encourage taking annual leave - 26%

How To Tackle Poor Employee Wellbeing: Technology

Currently, 42% of UK working adults are afraid of making a mistake that could affect their company's cybersecurity, with remote workers (63%) feeling more at risk from cyber threats than on-site staff (51%).

One way to prepare and protect employees is through cybersecurity training, which businesses often fail to prioritise.

At the start of the pandemic, two-thirds of remote workers had not received any training in 2020, with only 11% of businesses regularly providing security courses to non-cyber employees.

More recently, research has shown that more remote staff (59%) are receiving necessary cyber training. However, when tested on basic cybersecurity knowledge, 61% of surveyed individuals failed.

It's clear that businesses need to increase not just the quantity but also the quality of the training they provide to ensure employees retain the necessary knowledge to make training effective.

One of the most important ways to ensure employee wellbeing and cyber safety is through security software.

Technology is becoming a key component for empowering employees, helping them develop core skills.

45% of remote employees who don’t follow their company’s security policies say they would be more likely to do so if technology was used to help.

In 2020, an estimated 37% of companies increased spending on their data security, investing in one-time password technology (51%), biometric authentication (40%), and mobile identity verification (36%).

⬇️ Download the PDF

References:

How Covid-19 Has Pushed Companies Over The Technology Tipping Point and Transformed Business Forever, McKinsey.

Coronavirus and Homeworking in the UK, Office for National Statistics.

Gartner Survey Reveals 82 Percent of Company Leaders Plan to Allow Employees to Work Remotely Some of the Time, Gartner.

Hybrid Work Security Concerns, HelpNetSecurity.

10 Steps GCs Can Take to Minimise Data Security Risks, LexisNexis.

Optimising the digital workplace in a hybrid work culture, Financial Times, Financial Times.

Survey Reveals the Mental and Physical Health Impacts of Home Working During Covid-19, Royal Society for Public Health.

The Mental Health Impact of Email Overload, WebsitePlanet.

Working From Home: Taking Its Toll on the Mental Health and Relationships of the Nation, Nuffield Health.

Remote Workers Now Say Email Fatigue and Notifications Are Worse Than Commuting, ZDNet.

Vital Signs: Shorter Meetings, Longer Days — How Covid-19 Has Changed the Way We Work, UNSW Newsroom.

The Impact of Covid-19 on Staff Energy Levels and Engagement, London South Bank University.

Health and Safety Statistics 2020/21, Health and Safety Executive.

Days Lost to Work-Related Stress, Anxiety and Depression, Health and Safety Executive.

The Stress of Working From Home, Verywell Mind.

Email Is Making Us Miserable, The New Yorker.

The Anticipatory Stress of After-Hours Email, Colorado State University.

Before You Hit Send: The Dangers of Email Missteps, IFA Magazine.

More Than Sixty Percent of US Workers Admit to Workplace Mistakes Due to Tiredness, PR Newswire.

2021 State of Secure Access Report, 1Password.

UK Workers Feel Pressure to Hide Mental Health Concerns, The Guardian.

Workers Trust Robots More Than Their Managers, HR Magazine.

UK Workers Believe AI Offers Better Career Support Than People, HR Magazine.

The 2021 Working From Home Survey, Wildgoose.

Study Shows UK Workers Are Scared of Making Mistakes, Startups Magazine.

Cybersecurity Failure Rates Among Remote Workers, HR Executive.

What Good AI Cybersecurity Software Looks Like, IT Pro.

Cybersecurity Statistics Survey, TalentLMS.

Cybersecurity Skills Report in the UK Labour Market 2020, UK Government.

How Covid-19 Has Pushed Companies Over The Technology Tipping Point, McKinsey.

Reviewed By:

Sabrina McClune, 21.06.24

Sam Kendall, 21.06.24