Reprinted with permission from Finance Derivative—the original article can be viewed here.
Last year, research conducted by insurance broking and risk management firm Gallagher found that over two-thirds (69%) of businesses have adopted a hybrid working style due to employee demand for greater flexibility in their working life post-pandemic. With organisations continuing to redefine the modern workplace, the debate between hybrid, remote, and in-office models remains at the forefront. However, beyond productivity and flexibility, these new work arrangements carry significant implications for corporate culture, ethical behaviour, and risk exposure.
With no one-size-fits-all solution, businesses face the challenge of not only selecting the right model but also understanding the impact of that choice on employee engagement, trust, and compliance. Ty Francis, MBE, Chief Advisory Officer at LRN Corporation, explores how evolving work environments are transforming ethical expectations and why organisations must adapt their risk and culture strategies to their working environment…
Shifting risks for businesses in a changing work environment
As expected, the choice between remote and office work presents a range of new challenges for businesses. There’s no denying that remote work, which requires employees to have their own laptops and logins to numerous accounts, can increase vulnerabilities, including cybersecurity risks. Additionally, there is a risk of reduced oversight of ethical conduct and of employee disengagement if employees are isolated for long periods of the day. On the other hand, office-centric models may face higher turnover if employees feel a lack of flexibility or autonomy, something which has become a requirement for many individuals in a post-pandemic world. In fact, workplaces that are already challenged to diversify and retain employees often find that providing an ill-conceived hybrid work model can have a negative impact on performance, leading to increased employee turnover, decreased inclusion, and ultimately harming the overall performance of the team.
The evolving nature of the global workforce is further complicated by a shifting regulatory landscape. Notably, recent indications from the U.S. Department of Justice about potentially scaling back enforcement of the Foreign Corrupt Practices Act (FCPA) have raised concerns among corporate compliance professionals around the world. This speculation has sparked concern that white-collar enforcement may no longer be a priority in the U.S., increasing uncertainty and pressure for global compliance teams. Amid these complexities, maintaining an ethical corporate culture, alongside ensuring psychological safety and employee well-being, is becoming a central focus across both remote and in-office environments.
Hybrid work: The “Goldilocks” model for ethical culture
As the return-to-office debate continues, we’ve seen some of the biggest names in business, including Goldman Sachs, BlackRock, Amazon, Meta, TCS, AT&T, and even Zoom (ironically), make headlines last year when they apparently doubled down on in-office mandates.
Yet as the research shows, more companies are settling instead on a hybrid model, and for good reason.
LRN’s 2024 Benchmark of Ethical Culture Report, drawing on data from over 8,500 employees across 13 industries and 15 countries, found that hybrid work is the clear cultural outperformer. Hybrid employees made up the largest share in “strong” ethical cultures, reported fewer instances of misconduct than fully in-office peers, and were more likely to speak up through formal corporate channels. Women working remotely or in hybrid arrangements also report higher psychological safety and fewer microaggressions, according to research by LeanIn.Org and McKinsey.
Complementary findings from LRN’s 2024 Code of Conduct Report show that 67% of hybrid employees actively use their company’s code of conduct, compared with 60% of in-office and just 50% of fully remote workers. But confidence that the code is being followed drops from 90% among senior leaders to 69% among frontline employees, highlighting the need for stronger ethical communication across the organisation, especially with middle managers.
Another reason hybrid models tend to perform better in terms of ethical engagement is that they strike a balance between autonomy and accountability. By maintaining both virtual and face-to-face interactions, employees are less likely to feel isolated while still enjoying flexibility, which can strengthen a culture of trust. Regular in-person touchpoints, such as team meetings or workshops, can help reinforce shared values and allow leaders to communicate ethical standards more effectively, while remote days provide employees with the autonomy they increasingly expect.
Strengthening data security in the remote era
In the UK, data breaches have become alarmingly routine, with high-profile incidents such as the Royal Mail ransomware attack, the UK Electoral Commission breach, and the MOVEit file transfer vulnerability dominating the headlines. More recently this year, M&S experienced a cyber incident involving SIM-swap attacks via a third-party provider. The breach disrupted contactless payments and click-and-collect services and led to the website shutting down for nearly seven weeks. M&S estimated losses in the hundreds of millions, and its market value declined by over £1 billion. Similarly, the Co-op Group breach involved attackers using social engineering to trick IT or admin staff into resetting passwords or exposing credentials. While these breaches can’t be attributed to a single cause, the widespread shift to remote and hybrid work models has significantly heightened the risks to data privacy and information security.
With employees accessing sensitive systems and company data from home networks and personal devices, organisations face higher risks of breaches, phishing attacks, and other cyber threats. According to LRN research, the rapid shift to remote work during the pandemic has had costly implications, with data breaches costing an average of $1 million more when remote work was a contributing factor, $4.96 million versus $3.89 million for incidents without this factor.
Hybrid work models introduce unique challenges in managing data security, as employees often switch between their home networks, public Wi-Fi, and in-office systems. However, they are often unaware of the essential cybersecurity measures they should be using when doing this. For example, multi-factor authentication, endpoint monitoring, and encrypted communication are all great tools to help secure a business. During the first few months of the pandemic, a simple switch enabling USB access on corporate laptops, so that remote workers could plug in printers at home, led to a host of issues, with worries that employees would exploit this security lapse to steal sensitive data, including customer account information. Knee-jerk changes to systems to accommodate remote workers and a lack of cybersecurity knowledge leave businesses vulnerable to breaches that can compromise customer data, intellectual property, and financial information.
In addition to the technical risks, there are also ethical and cultural implications. It’s likely that employees lack sufficient training on proper data handling and privacy protocols when working remotely, making human error a significant vulnerability for businesses. Therefore, companies must actively train employees on the risks they face. This approach will raise awareness and accountability, ensuring employees understand the real-world consequences of data breaches, not only in terms of regulatory penalties but also reputational damage and loss of trust. Real-life scenario-based training, which includes current risks, is crucial to ensure companies mitigate the now-common remote working risks. Using outdated training methods, such as depicting employees using old technology, will quickly lose engagement.
In hybrid workplaces, organisations that combine ongoing cybersecurity education with strong inclusion strategies are better positioned to mitigate these risks. A culture that encourages employees to report suspicious activities without fear of blame, coupled with clear guidance on secure data practices, can help businesses maintain compliance and build resilience. It’s often easier and more comfortable to report outside of the office. But this is a double-edged sword: out of sight means out of mind, and companies that aren’t encouraging some kind of in-person interaction may lose the ability to spot issues when they happen.
By doing so, they can ensure that their risk management strategies are not only documented but also actionable and ready to be deployed when needed. Proactive testing enhances preparedness, minimizes downtime, and safeguards against the type of cascading failures that can expose workers to harm and companies to reputational or legal risk.
Where do we go from here?
While the UK’s Covid-19 lockdown, when remote work was mandatory for most, lasted only a matter of weeks, the broader period of enforced home working extended for months, enough to reset expectations and reshape working habits for many across the country. For some, and in the context of office work history, this was a fleeting disruption. Yet, for the modern workforce, it marked a profound break from tradition. For generations, the workplace had been a fixed destination, not a flexible concept. Leaders now face the challenge of reversing, or at least reshaping, a shift that for many employees feels both permanent and deeply ingrained. The difficulty won’t be merely in designing hybrid work policies, but in recognising that what seems to executives like a short-term pandemic adjustment has, for the workforce, redefined what work is.
As hybrid work continues to evolve, so too must the prioritisation of technical infrastructure and ethical responsibility if a business has any chance of improving its data security. The hybrid, or “Goldilocks” model in particular, can offer opportunities for deeper engagement with codes of conduct, but sustaining ethical consistency requires visibility, trust, and alignment at every level. Managers play a crucial role in ensuring remote work policies are inclusive and supportive, key factors in attracting and retaining top talent.
Ongoing assessment and open communication are essential for embedding ethical standards into daily practice, not just policy. For companies committed to long-term impact, a robust curriculum is vital to keeping the conversation around workplace inclusion active and meaningful, well beyond one-off training sessions.