1. Remote work is the top concern.  

The report recommends that companies institute “a formal remote work policy and by adopting the right software tools that ensure company data is safe when accessed remotely” to prevent attacks. 

2. Data breaches are four times more common for companies that allow access to company data.  

Employees should only access data that is critical to their job performance, to prevent cyber attacks “caused both by malicious data theft and accidental data loss.” The companies that do allow full access to company data are more likely to report a data breach (50.7% of breaches reported) as opposed to those that limit data access (12.6%). 

3. Data classification alone is not sufficient. 

Categorizing data as public, internal, and confidential are frequently used by companies (82%), but “these programs alone have proved insufficient to restrict access and prevent data breaches,”.The majority of companies (62%) are still offering employees access to data that they don’t need—and these companies are reportedly 2.5 times more likely to experience a data breach. Data access controls and authentication should be the top priorities. 

4. Phishing schemes are spiking and becoming more harmful. 

“80% of employees report receiving phishing emails, compared to 73% in 2019, and employees are 15% more likely to click on a malicious link.” In particular, marketing employees were the most likely (38%) to click on these malicious links. 

5. A third of employees are hit by account takeovers. 

While account takeovers are nothing new, COVID-19 has resulted in a bump of online transactions. “From 2018 to 2019, TransUnion reported a 347% increase in account takeovers targeting online retail customers. And increased reliance on e-commerce will only make things worse,” the report states.  

6. Improved authentication methods. 

The use of two-factor authentication went up 18% and is used by 82% of businesses in 2020. And the use and biometric data security—such as the use of fingerprints and facial recognition—went from 27% in 2019 to 53% in 2020. 

7. Ransomware affected 28% of businesses.  

Over the last 12 months, nearly a third of businesses were hit with ransomware—of this group, 75% paid. Still, only 70% of those could retrieve their data.  

8. VR/AR use nearly triples. 

In 2020, 17% of businesses harness AR and VR for training purposes—and digital marketing and accounting report even greater use of these tools, up to 35%. Training has moved from the physical to the virtual, and more employees, 71%, are reporting that they must attend security training annually.