SecurityBrief Asia logo
Story image

Willis Towers Watson says the biggest cyber risks right now are your employees

09 Mar 2017

Businesses should focus more on employees and company culture as they manage their cyber risks before they get too bogged down in the technology, Willis Towers Watson says.

While that technology is a fundamental part of cyber protection, often ‘people risks’ are ignored. 

Those people risks include employee negligence and deliberate malicious acts, which in total represent 66% of cyber breaches, while only 18% were from an external threat and cyber extortion accounts for 2%, according to company data.

The company’s head of global Cyber Risk Anthony Dagostino says that organisations are focusing too much on technology and might miss the bigger picture.

“While technology has an important role to play, it really needs to be linked with an understanding of the human element. The simple truth is that a data compromise is more likely to come from an employee leaving a laptop on the train than from a malicious criminal hack. We believe employees and companies with a strong culture and cyber aware workforce are the first line of defense against cyber risk,” he says.

When the company analysed those findings, it decided to launch a Cyber Risk Culture Survey solution, which connects human capital and workplace culture to cybersecurity vigilance and risk. It also enables tracking risk in employee behaviours, eventually building a ‘cyber smart’ workforce.

“When we talk to clients about cyber risk, they tell us bridging their operational silos is one of the biggest hurdles within their organizations,” adds Patrick Kulesa, director of Employee Survey Research at Willis Towers Watson. 

The results from the solution can show an organisation’s internal risk culture, focusing on where it may be vulnerable to human-based cyber incidents. Managers can then use these insights to form solutions such as culture changes, reward schemes and other interventions to mitigate the risk.

Story image
Why a more secure organisation is a collective responsibility
With vast volumes of data moving to the cloud, many IT professionals are frequently challenged to protect their enterprise environment, and there is a greater focus being placed on advancing cybersecurity strategies.More
Story image
Five things ANZ businesses should know about storing customers’ data
Businesses need to correlate events intelligently across multiple threat surfaces, application layers, and time spans to connect event A, to event B, to event C — even if they are months apart.More
Story image
COVID-19-themed threats, Powershell malware continue surge
“The world—and enterprises—adjusted amidst pandemic restrictions and sustained remote work challenges, while security threats continued to evolve in complexity and increase in volume."More
Story image
CISOs facing rising security debts
Chief information security officers are facing a rising security debt to secure their organisations against an increasing volume of attacks by well-armed criminals. More
Story image
Major firms disclose breaches in the wake of SolarWinds attack
Microsoft, Shell, GoDaddy, MobiKwik — these are just some of the high-profile company's on the receiving end of sophisticated attacks, writes Bitglass senior director of marketing Jonathan Andresen.More
Story image
Zscaler expands CIEM solutions with Trustdome acquisition
Zscaler, the cloud security company, has officially entered into a definitive agreement to acquire Trustdome, a Cloud Infrastructure Entitlement Management (CIEM) company.More