Main threat from within
22 Mar 2017
Two-thirds of cyber breaches arise from internal threats, claims data released by Willis Towers Watson has shown. Many organisations continue to focus on the technology aspect of cyber defence, which is crucial, but often at the expense of people-related risks, which represent the largest source of data breach claims, the broker warned.
Breached companies fail in culture of cybersecurity management
Mr Hamish Deery, Asia-Pacific head of Talent and Rewards for Willis Towers Watson, said the data shows that companies who have had cyber breaches have a different cultural profile. He commented: “Their employees’ experience includes a relatively poor induction when joining the company. Especially in IT, this is a serious source of risk if new staff is not effectively trained to manage cyber risk.
“The inability to create an ongoing learning environment is also evident, including knowledge of how to circumvent hackers’ attempts to acquire confidential and sensitive data. Failing to sufficiently emphasise a customer focus, and appropriate incentive and training programs to support the management of cybersecurity are also evident in those companies who have had breaches. Understanding and addressing these workplace cultural elements is a first step to creating an environment that supports a holistic, integrated risk mitigation strategy.”
Cyber risk top-rated for Australian companies
Willis Towers Watson Financial and Executive Risks specialist Tanya Stevenson said cyber risk is one of the top-rated business risks faced by Australian companies. She commented: “With the recent introduction of a mandatory notification regime for privacy breaches, combined with an increased regulatory focus on the cyber resilience of Australian businesses, it is vital that companies understand their cyber risks.”
She added: “Companies are increasingly looking to purchase cyber insurance as a risk transfer solution. Those that are best able to articulate their cyber risk culture and their management of cyber risks, beyond their IT departments, are unsurprisingly in the strongest position for negotiations of cyber insurance quotations and coverage.”
- source ARM