28 April Blog

Higher fuel prices are quietly reshaping how organisations think about work—again.

What began as a pandemic-driven necessity is now re-emerging as an economic decision: if commuting becomes too expensive, working from home (WFH) starts to look like a practical lever for both employers and employees.
But there’s a problem. Many organisations are revisiting remote work strategies without revisiting the cybersecurity foundations that support them.
The Economic Push Back to Remote Work
Rising fuel costs don’t just hit individuals—they ripple across businesses. Employees feel the strain first, and organisations quickly face pressure to respond:

• Retention risks increase as commuting becomes a financial burden
• Productivity can dip when employees are stressed or fatigued by long, costly commutes
• Talent pools shrink if roles require physical presence

Offering more flexible or remote work options is a logical response. It reduces overhead for employees and signals that the organisation is responsive and pragmatic.
However, this shift is happening faster than many organisations’ ability to reassess the risks that come with it.
The Cybersecurity Time Capsule
During COVID-19, organisations rapidly deployed remote access solutions—VPNs, cloud collaboration tools, endpoint security, and identity systems. These were often implemented under extreme time pressure, with one overriding goal: keep the business running.
Now, years later, many of those same solutions are still in place—largely unchanged.
That’s where the risk lies.
What worked as an emergency response is now being treated as a long-term strategy. But the threat landscape has evolved significantly:

• Attackers have refined phishing and social engineering tactics targeting remote workers
• Home networks remain largely unsecured and unmanaged
• Shadow IT has expanded as employees adopt tools that make remote work easier
• Identity-based attacks have become the dominant breach vector

In short, organisations are relying on “COVID-era cybersecurity” to support a fundamentally different, more permanent remote work model.
The Human Factor: The Overlooked Variable
One of the biggest gaps isn’t technological—it’s human.
During the pandemic, employees were more alert. There was a shared sense of crisis, and cybersecurity messaging cut through. Today, that urgency has faded, but the risks have not.
In fact, fatigue, distraction, and complacency can increase vulnerability:

• Employees working from home may blur boundaries between personal and professional device use
• Informal work environments can lead to relaxed security behaviours
• Increased reliance on digital communication creates more opportunities for deception

If organisations expand WFH without addressing human behaviour, they are effectively widening their attack surface.
Why This Matters to Leadership
For senior leaders, this isn’t just an IT issue—it’s a governance and resilience issue.
Remote work decisions are often made in HR, operations, or executive teams. Cybersecurity, meanwhile, is still too often treated as a technical afterthought.
That disconnect creates risk.
If fuel prices are driving a structural shift back toward remote work, then cybersecurity needs to be part of that conversation at the same level as cost, productivity, and culture.
Moving Beyond the “Set and Forget” Model
Organisations don’t need to abandon their existing cybersecurity investments—but they do need to reassess them.
A few critical questions to consider:

• Are our remote access controls still fit for purpose?
  Or are they simply what we implemented in 2020?
• Do our employees understand their role in cybersecurity today?
  Not during COVID—but now, in a hybrid, evolving environment.
• Are we measuring human risk, or just technical compliance?
• Have we adapted our policies to reflect how people actually work?

This is where a human-centric approach becomes critical. Technology alone won’t solve the problem—especially when the environment it supports has changed.
An Opportunity, Not Just a Risk
There’s a tendency to frame this as a looming problem, but it’s also an opportunity.
Organisations that proactively align their remote work strategies with modern, human-centric cybersecurity will gain:

• Greater employee trust and engagement
• Stronger resilience against evolving threats
• A competitive advantage in attracting flexible, security-conscious talent

Rising fuel prices may be the trigger—but the response can be far more strategic.
Final Thought
We’re seeing history repeat itself—but under very different conditions.
Remote work is no longer an emergency measure. It’s becoming a permanent feature of how organisations operate. Treating cybersecurity as if it’s still 2020 is a risk few can afford.
The question for leadership isn’t whether to support more flexible work—it’s whether the organisation is truly prepared to do so securely.