The Barefoot Insight

Why Cyber Risk Spikes When People Are Stretched Thin

Cybersecurity incidents seldom come from dramatic, high-tech attacks. More often, they surface in quiet, ordinary moments, when people are rushed, overloaded, or simply not paying full attention. And in recent activity across the security landscape, we’ve noticed three familiar patterns emerging again.

None of them are reasons to panic. But all of them reflect one truth: When people are stretched thin, cyber risk rises.

1. Attackers take advantage of distraction

Lately, we’ve seen a noticeable increase in personalised phishing attempts. Attackers continue to impersonate suppliers, executives, and trusted platforms like Microsoft 365, crafting messages that look convincing enough to catch someone in a hurry.

The issue isn’t that people don’t understand phishing.It’s that busy people click faster.

When workloads spike or teams feel pressure, the small hesitation that prevents a mistake often disappears.

What leaders should take from this: A calm, well-timed reminder to your team can make all the difference. Encouraging people to pause before approving payments or opening unusual attachments can stop the majority of these attempts. Gentle nudges go further than technical controls alone.

2. Outdated systems are still the easiest way in

We also continue to see incidents linked to systems that haven’t been updated. Not new vulnerabilities, but old ones. Known ones. The kind that attackers rely on because they know businesses delay patches when other pressures take priority.

This isn’t a technical problem; it’s an operational one. Updates feel disruptive, especially during busy periods. But delaying them creates silent, growing risk.

A big part of this challenge is budget. In many organisations, older systems remain in place because they “still work,” and replacing them feels like a cost that can be pushed out. Security is often treated like insurance — something to spend on only when absolutely necessary. But there’s a quiet truth here: newer systems are almost always more secure, even if they don’t come with shiny new features. Leaders who prioritise budgeting for modernisation significantly reduce risk before it appears.

For leaders: Patching remains one of the simplest and most cost-effective protections available. Supporting your teams with both time and budget to keep systems current does more for your security posture than many advanced tools ever will.

3. Backups are quietly shaping outcomes

Across recent incidents globally, the organisations that recovered quickly had one thing in common: reliable, tested backups. Those without them experienced prolonged downtime, higher costs, and a far more stressful response.

Accidental deletions, misconfigurations, and ransomware attempts, all become manageable when backups work. And significantly more damaging when they don’t.

The takeaway:A quick check that backups are recent, complete, and restorable is one of the highest-value actions any business can take. It’s often overlooked, yet it determines the impact of many incidents.

A grounded reminder for leaders

Nothing in these patterns is new, but they are important. Because they highlight something business leaders know intuitively:

Cybersecurity weakens when people are overextended.

Not because your teams are careless. Not because they aren’t trained. But because they’re human.

As a leader, you can make a meaningful difference by:

• giving teams space to slow down where it matters

• supporting routine maintenance before it becomes an emergency

• normalising double-checks and clarifying unusual requests

• encouraging calmness instead of urgency

  
  

Barefoot Cyber handles the complex, technical side of protection through services like our Managed Detection & Response offering. But shared awareness, the human kind, remains one of the best defences any organisation has.