Two-thirds of cyber breaches come from threats within an organization, according to research by Willis Towers Watson, a global insurance brokerage and risk management firm.
According to the data, employee negligence or malicious acts account for two-thirds (66%) of cyber breaches, compared to only 18% from external threats, while cyber extortion accounted for just 2%.
In order to address these threats, Willis Towers Watson has come up with a Cyber Risk Culture Survey solution. The product, which is the first of its kind, has a cyber risk employee survey, which connects human capital and workplace culture to employer cyber risk vulnerability.
It tracks the extent of risks associated with the employee’s behaviours, helps determine ways to mitigate these factors, and builds a cyber-smart workforce.
Hamish Deery, Asia-Pacific head of talent and rewards for Willis Towers Watson, said the data shows several characteristics common to many companies who have been hit by cyber breaches.
He said: “Their employees’ experience includes a relatively poor induction when joining the company. Especially in IT, this is a serious source of risk if new staff is not effectively trained to manage cyber risk. The inability to create an ongoing learning environment is also evident, including knowledge of how to circumvent hackers’ attempts to acquire confidential and sensitive data.
“Understanding and addressing these workplace cultural elements is a first step to creating an environment that supports a holistic, integrated risk mitigation strategy,” Deery added.
Transport industry wants more than insurance on cyber risk
Industry is “going insane” with approach to cyber risk
Top operational risks faced by companies revealed