skip to main content
Close Icon We use cookies to improve your website experience.  To learn about our use of cookies and how you can manage your cookie settings, please see our Cookie Policy.  By continuing to use the website, you consent to our use of cookies.

Omdia view


The effects of the coronavirus are far-reaching in the business world and the information security function is no exception to this disruption. In this light, business continuity and resilience have never been more important. Even before the outbreak of COVID-19, these topics were high on the agenda of CISOs, and the information security function has a crucial role to play.

Dealing with the enterprise disruption caused by COVID-19 starts with risk and leads into security

The information security function is not an island or an ivory tower. Omdia (as Ovum) has long focused on the “big picture” of cybersecurity: technology as one of the triumvirate of people, process, and technology that comprise security controls. Furthermore, the influencers on security: governance, risk, and compliance, are crucial inputs to an organization’s security posture.

For the information security function, dealing with the disruption caused by COVID-19 starts with the risk function and leads into security. This virus is clearly a risk to many organizations. Using the common risk equation, likelihood multiplied by impact, the likelihood of an enterprise being affected by COVID-19 is increasing by the day, and the level of impact on the organization can be very low to very high. Risk mitigation can be anything from standardizing on remote working, to switching suppliers, to reducing the working week, which are all real-world very recent examples.

Even while the risks are being assessed, the information security and IT functions should ensure that “remote working” plans are up to date and that all affected employees (and contingent workers) have access to the tools, technology, and equipment they need to be able to operate effectively outside the office environment. Security controls are about people, process, and technology and the human factor should not be forgotten. Some of those new to remote working will need to be trained appropriately (and some others are likely to benefit from a reminder), so quickly rolling out updated remote worker training will be beneficial. We have also seen a sharp rise in using coronavirus for phishing emails, so make everyone connected to organizational systems and data aware of this and to report any suspicious emails.

In addition, take advantage of “technology champions” throughout the business. This includes individuals who have good knowledge of business systems and technology, but who do not work for IT. Ensure that these people are engaged and empowered by IT with the information and tools they need to support their colleagues.

Enterprises should be testing their business continuity and resiliency plans, and the information security function plays a key role in this. Resiliency objectives should be aligned with business objectives to minimize the impact of a variety of risks, including environmental ones such as COVID-19. The information security function will work with business continuity and resilience specialists by providing assurance that security risks are being managed within acceptable levels.

COVID-19 knows no boundaries and the same should apply to the information security function, working across the enterprise to mitigate the risks appropriately.


Further reading

“Tech companies pitch in to fight COVID-19,” INT002-000279 (March 2020)

“The COVID-19 quarantine will allow us to reimagine our businesses through a human lens,” INT001-000185 (March 2020)

“Recent world events highlight the need for a robust approach to business continuity and remote working,” ENS001-000100 (March 2020)


Maxine Holt, Research Director, Cybersecurity

[email protected]

Recommended Articles

  • Close encounters of the remote kind

    Work from home (WFH) was a lifesaver for many enterprises during the COVID-19 pandemic, but there are some negative effects to consider. WFH reduces serendipity, affects lifestyles and mental wellbeing, and can disengage participants.

  • Ovum

    Telecoms IT Contracts Analytics Tool: Half-yearly Analysis, 2H19

    Contracts analysis. A quantitative analysis of telecoms IT contracts spanning OSS, BSS, data management, and analytics segments announced in 2H19. Monetization and management of digital technologies are key drivers for CSP investments.

  • Ovum

    Payments Technology Spending Through 2024: Source Segmentation

    This interactive model provides market sizing and forecasting of technology spending across the payments sector from 2018 to 2024, with a view of spend across technology source.