Hybrid working is no longer an emergency response or a temporary experiment.

Over a quarter of working adults in Great Britain do so. And almost three quarters of organizations still support some form of hybrid working. Simultaneously, there’s been a drop in those who only work from home or only travel to the office.

What’s increasingly clear is that there’s no single direction of travel, and a “new normal” doesn’t really exist. Some organizations are embedding hybrid (or even ‘virtual first’) working more deeply into their operating models. Others, notably firms like JP Morgan, are actively moving away from it.

This divergence illustrates that hybrid working isn’t the inevitability or universal good that some predicted after the pandemic. It’s a choice that needs to be made carefully. For small and medium-sized enterprises (SMEs), it’s a choice with specific challenges that are often more acute than for larger organizations.

So how can you make hybrid working work for you, and what role do standards play?

The attraction (and limits) of hybrid working for SMEs

Hybrid working remains appealing for understandable reasons, and for some SMEs it can be an effective way to widen the talent pool in competitive skills markets. Most employees now cite work-life balance as even more important than pay (particularly true for Gen Z staff). These shifting priorities make it possible to compete with larger organizations on something other than salary.

There is also evidence that hybrid working can support productivity and wellbeing (though only if properly supported). Gains come largely through a reduction in commuting time and the space for more focused work. For some employees, particularly parents, hybrid arrangements can make full-time work more sustainable.

However, these benefits are uneven. They depend heavily on individual roles, ways of working, management capability, and organizational maturity. For SMEs, hybrid working can just as easily introduce friction and risk as remove it.

The challenges of hybrid working (and why they hit SMEs harder)

If a business chooses to adopt hybrid working, it also takes on a distinct set of challenges. For SMEs, these challenges tend to be magnified.

1. Technology, security, and compliance pressures

Hybrid working expands the potential for security weak points. You now have to think about securing employees’ home networks, personal devices, and remote access points. It can be challenging to keep track of and secure all these new potential weak spots – even more so where cybersecurity policies and systems haven’t been updated since hybrid working was introduced.

This creates real exposure. 41% of cyberattacks in 2025 targeted remote workers. Informal workarounds (personal file storage or unapproved software) make it harder to meet data protection and regulatory obligations. What was introduced for ease and flexibility can easily turn into a governance headache.

The rapid uptake of AI tools adds another layer of complexity. Employees are increasingly using AI in day-to-day work. Without guidance and control, this can create data protection and intellectual property risks that are tricky to monitor.

2. Technical debt and ‘shadow IT’

During the rapid shift to remote work, many businesses adopted tools quickly and incrementally. Over time, this can lead to overlapping systems, duplicate licences, and fragmented workflows. In hybrid environments, these inefficiencies can be harder to see. Employees bypass clunky systems, creating ‘shadow IT’ that increases risk, wastes money, and undermines control.

3. Management capability and legal risk

Hybrid working makes good line management much more important. Decisions about flexibility, performance, and reasonable adjustments are often made on an individual basis. However, decision-makers often don’t have any specific training on how to make decisions consistently or effectively.

In many situations, this works, but it can be particularly sensitive where health or disability is involved. Poorly handled returns-to-work or inflexible responses can easily lead to disputes, or even legal claims. You also need to think about how to meet health and safety responsibilities when employees are working remotely. The Health and Safety at Work Act 1974 still requires employers to protect staff, wherever they’re working.

4. Inequality, visibility, and workplace divides

Importantly, hybrid working doesn’t benefit all workers equally. It is far more common among higher-paid, degree-educated employees and less accessible to frontline or operational staff. Office-based staff may also enjoy greater informal visibility than other employees. In mixed workforces, this can entrench a two-tier workforce, creating resentment and a sense of unfairness.

5. Early career development and the generational challenge

Younger workers are less likely to hybrid work and are more likely to struggle when they do. Reduced exposure to informal learning, mentoring, and workplace norms can slow development and weaken culture. This represents a long-term risk to workplace culture and the talent pipeline.

These challenges highlight the importance of being deliberate about how hybrid work is designed and managed. One important step is involving employees in shaping how hybrid working operates in practice. Consulting staff on what works, where risks lie, and how collaboration and communication should function can help identify issues early. This can make the difference between hybrid working becoming a source of friction or a sustainable way of working.

The role of standards

The challenges to hybrid working don’t necessarily outweigh the benefits, but they do require careful management. Standards can be a great way to strike the right balance, manage the risks, and build trust and productivity. Some relevant standards include:

BS EN ISO 45001 Occupational health and safety management systems – Requirements with guidance for use

An internationally recognized framework for managing occupational health and safety. While originally designed for traditional workplaces, its Plan-Do-Check-Act (PDCA) methodology is fully applicable for hybrid working. Note: BS EN ISO 45008 is currently in development. It takes the principles of 45001 and applies them specifically to remote working.

BS ISO 45003 Occupational health and safety management – Psychological health and safety at work – Guidelines for managing psychosocial risks

Gives guidelines for managing psychosocial risk within the occupational health and safety management system based on BS EN ISO 45001. The standard helps develop and promote mental health support at work, and is applicable to traditional, hybrid or remote environments.

BS ISO 44001 Collaborative business relationship management systems – Requirements and framework

Provides a framework for managing collaborative relationships within the business, as well as with partners and stakeholders. This can be particularly relevant when teams work remotely or across locations.

BS ISO 44002 Collaborative business relationship management systems – Guidelines on the implementation of ISO 44001

Gives guidelines for organizations on implementing ISO 44001 to achieve successful collaborative business relationships, as well as helping organizations use and implement the framework specification effectively.

BS EN ISO/IEC 27001 Information security, cybersecurity and privacy protection – Information security management systems – Requirements

Provides requirements for the development and operation of an information security management system (ISMS). With hybrid working introducing fresh cybersecurity risks, implementing robust systems and controls is more important than ever.

PD ISO/IEC 27001:2022 SME Handbook — Information Security Management Systems – A practical guide for SMEs

Specifically developed for SMEs, this handbook provides a comprehensive guide for developing and implementing an ISMS.

BS 30416:2023 Menstruation, menstrual health and menopause in the workplace – Guide

Designed to help businesses identify practical workplace adjustments for employees experiencing peri/menopause symptoms. It is a practical tool with examples of actions and adjustments that can be made. Relevant to hybrid, remote, or traditional working patterns.

BSI membership also connects you to the wider thinking behind standards. For example, our Prioritizing People Model is a framework developed to help build a lasting culture of care, trust, and resilience.

Hybrid working isn’t a neutral decision, and understanding the tradeoffs is key. If adopted, it brings with it specific technology, management, security, and cultural challenges. For businesses looking to take the leap (or tighten up practices), standards can be a great way to get started.

Discover more about BSI Membership

Become a BSI member and you’ll be joining over 11,000 organizations committed to making positive change through standards. You’ll get extra support in implementing standards via a team of research professionals and stay up to date with relevant changes to standards with a monthly spreadsheet. Your personalized Membership certificate and digital Membership badge will help your organization stand out from the competition, too. And every member enjoys a 50% saving on British Standards and 50% off subscriptions to BSI Knowledge and BSI Compliance Navigator. Members also get 10% off ISO and other foreign standards. Find out more about BSI Membership here.