While many organizations continue to focus on the technology aspect of cyber defense, which is crucial, they often do so at the expense of people risks, which represent the largest source of data breach claims.
New claims data analysis from global brokerage firm Willis Towers Watson shows that employee negligence or malicious acts account for two-thirds (66 percent) of cyber breaches, where by contrast only 18 percent are directly driven by an external threat, and cyber extortion accounted for just 2 percent.
Willis Towers Watson said its data further show that approximately 90 percent of all cyber claims are the result of some type of human error or behavior.
The company is urging businesses to focus more on employees and company culture in efforts to manage cyber risk.
The firm has launched a Cyber Risk Culture Survey solution, which is a cyber risk employee survey, it says connects human capital and workplace culture to employer cyber risk vulnerability by tracking the extent of risk inherent in employees’ behaviors and coming up with ways to mitigate this factor and build a “cyber smart” workforce.
“Evidence suggests that many businesses are taking an overly technocratic approach to cyber risk and are in danger of missing the bigger picture,” said Anthony Dagostino, head of global Cyber Risk, Willis Towers Watson. “While technology has an important role to play, it really needs to be linked with an understanding of the human element. The simple truth is that a data compromise is more likely to come from an employee leaving a laptop on the train than from a malicious criminal hack. We believe employees and companies with a strong culture and cyber aware workforce are the first line of defense against cyber risk.”
The Cyber Risk Culture Survey results provide a picture of an organization’s internal risk culture, with a particular focus on where it might be most vulnerable to employee-driven cyber incidents. These results allow senior leadership to take decisive action to create solutions, including cultural changes, and talent and reward interventions, to mitigate cyber risk, according to the consulting firm.
“When we talk to clients about cyber risk, they tell us bridging their operational silos is one of the biggest hurdles within their organizations,” said Patrick Kulesa, director, Employee Survey Research, Willis Towers Watson. “Our offering is relevant to many audiences within the organization — not only corporate risk managers, data security teams and human resource professionals, but the entire executive suite — all of whom are crucial links in the chain of cyber risk management and mitigation.”