Two-thirds of cyber breaches stem from internal threats

Two-thirds of cyber breaches stem from internal threats | Insurance Business

Two-thirds of cyber breaches stem from internal threats
Two-thirds of cyber breaches come from threats within an organization, according to research by Willis Towers Watson, a global insurance brokerage and risk management firm.
According to the data, employee negligence or malicious acts account for two-thirds (66%) of cyber breaches, compared to only 18% from external threats, while cyber extortion accounted for just 2%.
The firm cautioned that most organizations put all their focus on the technological side of cyber defence but they end up neglecting people-related risks, which make up a majority of cyber risk vulnerabilities.

Want the latest insurance industry news first? Sign up for our completely free newsletter service now.
In order to address these threats, Willis Towers Watson has come up with a Cyber Risk Culture Survey solution. The product, which is the first of its kind, has a cyber risk employee survey, which connects human capital and workplace culture to employer cyber risk vulnerability.
It tracks the extent of risks associated with the employee’s behaviours, helps determine ways to mitigate these factors, and builds a cyber-smart workforce.
Hamish Deery, Asia-Pacific head of talent and rewards for Willis Towers Watson, said the data shows several characteristics common to many companies who have been hit by cyber breaches.
He said: “Their employees’ experience includes a relatively poor induction when joining the company. Especially in IT, this is a serious source of risk if new staff is not effectively trained to manage cyber risk. The inability to create an ongoing learning environment is also evident, including knowledge of how to circumvent hackers’ attempts to acquire confidential and sensitive data.
“Understanding and addressing these workplace cultural elements is a first step to creating an environment that supports a holistic, integrated risk mitigation strategy,” Deery added.

Related stories:
Transport industry wants more than insurance on cyber risk
Industry is “going insane” with approach to cyber risk
Top operational risks faced by companies revealed