Cybersecurity is a fundamental challenge for organizations across the world. As people turn to apps and the internet to run their daily tasks, the issue of cybersecurity becomes ever more prevalent.
Participants of the Willis Towers Watson 2017 Cyber Risk Survey revealed that one in five US organizations has suffered a cyber breach in the last year. Understandably then, a huge 85% of the US employers who took part in the survey said they regard cybersecurity as a top priority in today’s digital society.
Cyberattacks and data breaches aren’t always the results of criminal attacks or internet hacks. In fact, it is often human ignorance and mistakes that can leave organizations vulnerable. Building a cyber-savvy workforce is a key element of an organization’s cybersecurity, according to Tracey Malcolm, leader of the Future of Work practice at Willis Towers Watson.
“There needs to be a cyber-savvy culture embedded within an organization,” Malcolm told Insurance Business. “First off, businesses need to get clear on the memo and plans they need for cybersecurity. Then they need to make everyone understand they have an accountability for the security of data.
“In order to create a more cyber-savvy culture and IQ, organizations need to make sure they’re treating the protection and handling of data, and the use of technology and work resources, in the way they were intended. It needs to go beyond a quick mandatory training mindset to a complete IQ and an intention to recognize that the way employees carry out their work is important.”
The world of cybersecurity is changing alongside the world of work. The insurance industry, like many other industries, is now doing lots of its activities in the Cloud and offering more mobile and application-based solutions for clients. This technology-based workplace establishes a new cybersecurity reality that employers and employees need to address.
Adapting to this new cybersecurity reality requires organizations to move beyond tried and tested security realms of the past, according to Malcolm. Organizations need to be innovative in their approach to cybersecurity and think about onboarding, outsourcing and effective talent acquisition.
This might include creating a hybrid cybersecurity role and filling it with a skilled worker from a non-traditional area like law enforcement or a government agency. It might also include separating the organization’s cybersecurity department away from its internal IT division in order to gain “a better line of insight and an increased focus on information security,” said Malcolm.
“There’s an increasing mix of workers who are all utilizing data and technology in the workplace,” commented Malcolm. “Some of those workers will be contractors or on-boarders, which could really increase the cyber IQ of the company more broadly.”
Related stories:
Government issues cyber warning to businesses
Marsh cyber insurance rates in decline in US
