BSI research reveals organizational concerns related to the hybrid office and shadow IT

While the hybrid office model is seen as a flexible solution to allow employees to efficiently perform their daily duties while keeping them safe, it also generates potential cybersecurity risks if left unmanaged. Risks in this scenario stem primarily from loss of visibility of employee activity and data, employee susceptibility to phishing attacks, and employees using shadow IT.

BSI’s research found that almost half of all organizations are unprepared for the implications of ‘shadow IT’ on their business in a hybrid office scenario. Shadow IT is when an employee uses an unsanctioned cloud service, device, or software for their work, which can often lead to an increased risk of a data breach. In a rush to enable the business to work remotely, IT teams may have put solutions in place that did not go through normal security governance lifecycle processes.

Stephen explains: “We are witnessing cybersecurity risks and threats mounting daily and working from home may be causing additional employee fatigue, leaving potential for poor judgment when it comes to identifying risks and deciding whether to click on a potentially malicious link or attachment. The lack of governance and the haste to empower remote users creates opportunities for hackers as traditional security mechanisms can often be absent.”

“There is potential for data leakage through cloud services as well as the use of BYOD (bring your own device). The assurance over the security of the BYOD can be lost, and potential questions arise over ownership and access to data. Approved corporate devices are advisable that traditionally provide encryption, patching, web filtering and anti-malware. For these reasons it is important that IT managers educate about data management and clarify shadow IT and BYOD policies.”

“We encourage employers to carry out regular awareness training and education around cybersecurity risks. All levels of an organization need to be aware of cybersecurity risks, especially senior management. The current environment we are living in has exacerbated the threats, meaning cybersecurity needs to be at the core of business decisions now more than ever,” concludes Stephen.

The Consulting Services team at BSI provides an expansive range of solutions to help organizations address challenges in cybersecurity, information management and privacy, security awareness and compliance. For more information visit


Notes on Research:

Research took place as part of the BSI cybersecurity and information resilience series on readiness to reopen the office and the new hybrid office dynamic. Respondents to the research included C-Suite, Director, Management and Middle Management positions. Respondent sectors covered banking and finance, food and retail, ICT and telecoms, manufacturing, and engineering as well as pharma/healthcare and medical devices, transport and logistics and professional services.