Ransomware attacks, such as WannaCry and Petya, have captured the headlines over the past several months. It was recently announced publicly that a mega cable network was hit with a ransomware incident when hackers released a trove of stolen files online, including those related to its fan-favorite Emmy award-winning show, scripts, and employee information, and demanded approximately $6million in bitcoin.
Due to the potential financial and reputational losses that can result from a cyber incident, it is more important than ever for organizations to recognize the people, capital, and technology risks they face and have a holistic vision on how to combat these risks. As a business leader with responsibility over risk, security or human resources, driving a cyber-savvy workforce, making a conscious effort to improve your Cyber IQ and ensuring that risk, IT and HR are continuously communicating and collaborating, are all critical first steps in laying the foundation for holistic cyber risk management strategies.
Developing and implementing an effective cyber risk strategy is complex and many issues are encountered along the journey. To shed light on these issues and in support of the U.S. Department of Homeland Security’s National Cyber Security Awareness Month this October, we’ve associated a letter of the alphabet to a buzz word that unveils a cyber risk business challenge. Follow along with us over the next 26 days as we uncover these key components to cyber risk management and mitigation and learn what you can do with your colleagues to enhance your Cyber IQ.
People and cyber – Why this matters now
Many organizations underestimate the people risk component of cybersecurity and fail to recognize that they are only as secure as their weakest link. According to the 2016 Willis Towers Watson Claims study, 66% of cyberinsurance claims are related to employee-driven incidents.
Further, our recent Cyber Risk Pulse Survey highlights an opportunity for organizations to better manage employee awareness training. About half of employees spent less than 30 minutes on training in the last year. Moreover, 62% of employees completed their training only because it was required by their companies. Therefore, not only do employees need to spend more time in training, they need to move from merely complying with training requirements to actively engaging in their training, and organizations need to do a better job of designing trainings based on employees’ responsibilities and access to sensitive data.
To build a cyber-savvy organization, it is also essential to create an ongoing learning environment that emphasizes staying up-to-date with business trends and applying acquired skills to business challenges, including cybersecurity. In this regard, the war for talent in IT requires organizations to develop and implement appropriate talent management strategies that keep pace with cybercriminals intent on exploiting the vulnerabilities created by the talent shortage and related skills deficit.
HR leaders need to be on the front line of cybersecurity and working hand-in-hand with the risk department, IT, and other organizational functions to mitigate cyber risk. Below are 6 reasons why:
- Cyber risk impacts every aspect of operations, but current focus has been on capital and technology risk management strategies
- Employees are the main cause of cyber incidents, whether through negligent/accidental actions or malicious insiders
- Organizations are planning to increase investments in human capital solutions in the next three years
- Growing disconnect between companies’ view of cybersecurity readiness and employees’ behavior and engagement
- Digitization is creating a skills deficit and talent shortage in IT departments and digital skills in general
- Boards and C-Suites are increasingly accountable for cyber risk and are looking to Risk Managers, CISOs and CHROs as key stakeholders
Learn more about comprehensive cybersecurity from Willis Towers Watson.
Jason Krauss is a thought and product leader for Cyber and E&O insurance for FINEX.