The so-called human element of the cyber equation, employees’ understanding of cyber risk, was ranked by 79% of U.S. employees as the biggest barrier to firms’ cyber risk management in a recent Willis Towers Watson survey.
The survey revealed a massive disparity between firms’ beliefs about their level of protection and the realities of their exposure to cyber threat.
Nearly three-quarters of U.S. firms surveyed believe they’re highly protected from cyber threat, despite the ever-increasing losses to business as cyber attacks on firms’ data and systems grow in severity and frequency.
“As the world has seen with the proliferation of phishing scams, most recently highlighted by the global WannaCry ransomware attack, the opening of just one suspicious email containing a harmful link or attachment can lead to a companywide event,” said Anthony Dagostino, head of global Cyber Risk, Willis Towers Watson.
“However, there appears to be a disconnect between executive priorities around data protection and the need to invest in a cyber savvy workforce through training, incentives and talent management strategies.”
Nearly half (45%) of employees spent 30 minutes or less on cybersecurity training in 2016, and a quarter received none at all.
“Hackers are exploiting the fact that while corporations are building walls of technology around their organizations and networks, by far the biggest threat to corporate digital security and privacy continues to come from employees within, often completely by accident.
“A truly holistic cyber risk management strategy requires at its core a cyber savvy workforce; however, organizations first have to know where the vulnerabilities are in order to plug the gaps.
“Many organizations are facing talent deficiencies and skill shortages in their IT departments, which in turn are creating significant loopholes in their overall security measures,” said Dagostino.
Over 30% of employees admitted to having logged into their work-designated computer or mobile device using an unsecured public network; the Willis report suggests employees may not be fully aware of the level of threat or feel personally accountable for how their behaviour could endanger the firm – factors which pose a serious risk to the long-term sustainability of a business.
However, Willis expert Dagostino called the findings “encouraging” as “human capital solutions and improvement of operating procedures will be a priority for nearly three-quarters of organizations in the next three years.”
Cyber risk expert Dagostino said a heavy emphasis on technology is “crucial given the competing sophistication of cybercriminals.” As technology evolves and becomes more sophisticated, the costs of minimising cyber risk are expected to rise, so tackling cyber knowledge and accountability among employees could be not only the most pressing but also the least expensive route for firms to take.
And in the aftermath of the global WannaCry ransomware attack, businesses and underwriters of re/insurers assuming cyber risks have been given a wake-up call to the potential cost of inaction on tackling cyber risk.