Skip to content
Webinar playback: Is there a cyber debt left by Covid-19?

News -

Webinar playback: Is there a cyber debt left by Covid-19?

Ade Clewlow, Senior Advisor, NCC Group

With rapid digital transformation, financial pressures, and a mass shift to remote working, many organisations have struggled to maintain their previous levels of cyber resilience over the last year.

This has built up a cyber debt that is affecting a wide range of businesses. To truly understand its scale and impact, we spoke to 290 cyber security decision makers from across public and private sector organisations about the challenges that they’ve faced this year.

We found that budget cuts have significantly affected cyber spend over the last 12 months. Three out of ten businesses experienced delays or a cancellation of their cyber resilience projects, while one in five had to furlough staff responsible for cyber resilience programmes.

This reduction in resources has already had an impact on business resilience. Of those that reported cuts to budget, 70% also stated that they’d seen an increase in cyber attacks, while two-thirds of businesses reported internal skills shortages and an increase in insider-related incidents.

These issues have been exacerbated by changing working habits over the last twelve months. 21% of organisations expect staff to use more of their own devices while working in 2021, which makes effective security monitoring far more difficult. Meanwhile, digital transformation and cloud solutions are here to stay, which can contribute to a build-up of cyber debt.

To discuss the scale of today’s cyber debt, and how it can be paid off, I was joined on our latest 'Big Three' webinar by cyber experts Mark Ward, global chief information security officer at Interserve IT, Katharina Sommer, head of public affairs at NCC Group, and Tim Anderson, group commercial director – managed detection and response at NCC Group.

Here's the key topics we discussed:


Quantifying cyber debt is extremely complex. With changing working habits, it’s hard for organisations to understand what the future could look like – and therefore, how their level of cyber debt might change.

However, it’s important for organisations to understand their current risk profile and adapt their operations where necessary. Threat actors are seeking to take advantage of security weaknesses, while business leaders’ focuses are on other operational concerns – which introduces a new element to existing threats.
Understanding any current vulnerabilities and areas for improvement is the first step towards quantifying cyber debt. A Cyber Security Review is a useful way of benchmarking your organisation’s resilience against peers, and provides clear actions that can help your business begin addressing this cyber debt.


Many security decision makers are already aware of the importance of increased security investment. Our research found that two-thirds of organisations plan to increase cyber security budgets this year, and that the amount spent on outsourcing security expertise will increase.

For many organisations, showing a return on investment on security efforts remains a challenge. 90% of respondents highlighted that they struggle to quantify the cost versus benefit of cyber security. For IT leaders, articulating security risk in terms of business priorities is key.

It’s also important for all employees to take ownership of this issue of cyber debt. This can be achieved by ensuring that all staff are aware of what they can do to maintain cyber resilience. A safety-first culture, an effective technology strategy, and investment in both internal and outsourced skills can all make a significant difference.


To begin paying down this cyber debt, organisations must first understand their own risk profile and strategic priorities.

Once businesses understand the level of risk they face – and the level of risk they are willing to accept – it’s possible to build a list of priorities as part of a security improvement plan, and begin working through these. This type of plan maps out the short, medium and long-term strategic measures that can significantly improve your security posture.

While organisations may not be debt free in a matter of months, now is the perfect time for business leaders to address the issues that have built up over the last year, and begin paying off their cyber debt.

To find out more about how your business can quantify and address cyber debt, you can watch the full webinar, ‘The Big Three: Is there a cyber debt left by Covid-19?’, on-demand here.



NCC Group Press Office

NCC Group Press Office

Press contact All media enquires relating to NCC Group plc +44 7721577574

Related content

Related events

NCC Group exists to make the world safer and more secure

In today’s threat landscape understanding the risks organisations and customers are exposed to is more important than ever.

Understanding the impact and how to be more resilient is key to protecting brand, reputation and sensitive customer information. Building a cyber-resilient organization can be a complex process but it’s not impossible.

With our knowledge, experience and global footprint, we help assess, develop and manage cyber resilience posture.

NCC Group Newsroom
XYZ Building, 2 Hardman Boulevard, Spinningfield
M3 3AQ Manchester
United Kingdom