The Human Factor 2021

The tragedy, upheaval and historic changes of 2020 have been documented countless times over. But as organisations around the world take their first cautious steps to normal, “the year that wasn’t”1 still holds valuable lessons worth exploring. That’s especially true in the realm of cybersecurity.

As the global pandemic upended work and home routines, cyber attackers pounced. They exploited suddenly unfamiliar work settings and people’s fear, uncertainty and doubt to trick users and compromise organisations. And now in 2021 we’re seeing what happens when emboldened cyber criminals press their advantage, as a rash of ransomware attacks target high-profile businesses and infrastructure.

People are returning to offices, factories, shops and show floors. But some pandemic-era trends may be here to stay. Many workers will enter hybrid arrangements, splitting their time between their homes and communal workspaces. Distributed teams will collaborate across geographies and legal jurisdictions. Shifts in ecommerce, the cloud and other areas, well under way before the pandemic, have only accelerated.

No matter what the post-COVID world looks like, protecting people—wherever and however they work—will be an ongoing challenge.

About this report

From its inception in 2014, The Human Factor report was founded on the simple premise that people—not technology— are the most critical variable in today’s cyber threats.

Since then, this once-contrarian notion has become a widely acknowledged reality. Cyber attackers target people. They exploit people. Ultimately, they are people.

To effectively prevent, detect and respond to today’s threats and compliance risks, information security professionals must understand the people-centric dimensions of user risk: vulnerability, attack and privilege. In practical terms, this means knowing:

• Where users are most vulnerable
• How attackers are targeting them
• The potential harm when privileged access to data, systems and other resources is compromised

Addressing those elements—the human factor of cybersecurity—are the core pillars of a modern defence.