Willis Towers Watson Launches Suite of Cyber Risk Management Assessments

January 12, 2021

Insurance broker Willis Towers Watson has introduced two new cyber risk assessment services – the Workforce Cyber Culture Assessment (WCCA) and the Ransomware Risk Assessment (RRA).

Willis Towers Watson describes the WCCA as an innovative cyber risk methodology specifically designed to assess people risk and the impact of business culture in a cyber context. It highlights any perceived “high risk” attitudes and behaviors within the workforce toward cyber risk, such as current working environment and workplace pressures (a critical area in the current economic climate), and assesses the key factors affecting the likelihood and impact of people-related cyber security incidents. It enables Willis Towers Watson to provide clients with focused and concise recommendations for risk reduction as well as a tailored roadmap to support the achievement of a resilient cyber security strategy with measurable and actionable metrics.

The RRA is described as a custom assessment framework, available for both information technology and operational technology environments, that focuses on the most severe of cyber threats facing organizations globally. The assessment moves beyond just technology controls and observes the entirety of a client’s ransomware threat surface across several key risk areas. The RRA provides clients with a unique, tailored “snapshot” of their ransomware risk posture, as well as offering a practical and concise improvement plan that is designed to assist with the timely remediation of identified security gaps, exposures or vulnerabilities. The delivery process consists of three simple phases ensuring Willis Towers Watson can provide a complete RRA in as little as three weeks – from start to finish.

These two services were developed in response to the findings of Willis Towers Watson’s cyber claims insights report, published in July 2020, which found that:

  1. Human error (people risk) was the single biggest root cause of global cyber incidents / claims, and
  2. Ransomware (and the subsequent business interruption) is the most significant risk when considering first-party losses, or in other words, the direct financial costs to businesses.

“The business impacts associated with people-related security incidents and ransomware attacks are well documented, and both have the potential to be catastrophic from a number of organizational standpoints, including operational, financial and reputational impacts,” commented Dean Chapman, lead cyber risk consultant, Willis Towers Watson.

“Whilst the two are intrinsically linked, for example, a ransomware attack is often initiated via a breach of the ‘human,’ they require slightly different approaches to risk identification, assessment and management,” Chapman said. “Targeting humans is quicker, easier and comes with much higher success rates – cyber criminals only need to get lucky once. For this reason, we have developed these services to assist our clients in focusing their security efforts on addressing two of the most critical cyber risks to businesses today.”

Source: Willis Towers Watson
