Managing cyber risk
Global advisory, broking and solutions company Willis Towers Watson is urging businesses to focus more on employees and company culture in efforts to manage cyber risk.
The company said that many organisations continue to focus on the technology aspect of cyber defence, which is crucial, but often at the expense of people risks, which represent the largest source of data breach claims.
According to Willis Towers Watson’s claim data, employee negligence or malicious acts account for two-thirds (66 per cent) of cyber breaches, while only 18 per cent were directly driven by an external threat, and cyber extortion accounted for just two per cent. Additionally, approximately 90 per cent of all cyber claims are the result of some type of human error or behaviour.
In response to its findings, the company has launched a new tool, which is the first of its kind in the marketplace – a Cyber Risk Culture Survey solution. The idea is that the tool connects human capital and workplace culture to employers’ cyber risk vulnerability.
“Evidence suggests that many businesses are taking an overly technocratic approach to cyber risk and are in danger of missing the bigger picture,” said Anthony Dagostino, head of global cyber risk at Willis Towers Watson. “While technology has an important role to play, it really needs to be linked with an understanding of the human element. The simple truth is that a data compromise is more likely to come from an employee leaving a laptop on the train than from a malicious criminal hack. We believe employees and companies with a strong culture and cyber aware workforce are the first line of defence against cyber risk.”