Story image

Willis Towers Watson says the biggest cyber risks right now are your employees

09 Mar 2017

Businesses should focus more on employees and company culture as they manage their cyber risks before they get too bogged down in the technology, Willis Towers Watson says.

While that technology is a fundamental part of cyber protection, often ‘people risks’ are ignored. 

Those people risks include employee negligence and deliberate malicious acts, which in total represent 66% of cyber breaches, while only 18% were from an external threat and cyber extortion accounts for 2%, according to company data.

The company’s head of global Cyber Risk Anthony Dagostino says that organisations are focusing too much on technology and might miss the bigger picture.

“While technology has an important role to play, it really needs to be linked with an understanding of the human element. The simple truth is that a data compromise is more likely to come from an employee leaving a laptop on the train than from a malicious criminal hack. We believe employees and companies with a strong culture and cyber aware workforce are the first line of defense against cyber risk,” he says.

When the company analysed those findings, it decided to launch a Cyber Risk Culture Survey solution, which connects human capital and workplace culture to cybersecurity vigilance and risk. It also enables tracking risk in employee behaviours, eventually building a ‘cyber smart’ workforce.

“When we talk to clients about cyber risk, they tell us bridging their operational silos is one of the biggest hurdles within their organizations,” adds Patrick Kulesa, director of Employee Survey Research at Willis Towers Watson. 

The results from the solution can show an organisation’s internal risk culture, focusing on where it may be vulnerable to human-based cyber incidents. Managers can then use these insights to form solutions such as culture changes, reward schemes and other interventions to mitigate the risk.

Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.
Opinion: 4 Ransomware trends to watch in 2019
Recorded Future's Allan Liska looks at the past big ransomware attacks thus far to predict what's coming this year.
Red Box gains compliance boost with new partnership
By partnering with Global Relay, voice platform provider Red Box is improving the security of its offerings for high-value and risk voice data.