Willis Towers Watson has launched two new cyber risk assessment services in response to the findings from its recent cyber claims insights report.
Willis Towers Watson's cyber claims insights report found that human error (people risk) was the single biggest root-cause of global cyber incidents and claims, and ransomware (and the subsequent business interruption) is the most significant risk when considering first-party losses.
To help clients manage cyber risk better, the global insurance brokerage and risk management firm has launched Workforce Cyber Culture Assessment (WCCA) and Ransomware Risk Assessment (RRA) services.
WCCA assesses people risk and the impact of business culture in a cyber context. It can highlight any perceived “high risk” attitudes and behaviours within the workforce to cyber risk, such as current working environment and workplace pressures.
Meanwhile, RRA focuses on the most severe cyber threats facing organisations globally and observes the entirety of a client's ransomware threat surface across several key risk areas. It provides clients with a unique, tailored “snapshot” of their ransomware risk posture and offers a practical and concise improvement plan designed to assist with the timely remediation of identified security gaps, exposures, or vulnerabilities.
“The business impacts associated with people-related security incidents and ransomware attacks are well documented, and both have the potential to be catastrophic from a number of organisational standpoints, including operational, financial, and reputational impacts,” said Dean Chapman, the lead cyber risk consultant at Willis Towers Watson. “Whilst the two are intrinsically linked, for example, a ransomware attack is often initiated via a breach of the ‘human’, they require slightly different approaches to risk identification, assessment, and management.
“Targeting humans is quicker, easier, and comes with much higher success rates – cyber criminals only need to get lucky once. For this reason, we have developed these services to assist our clients in focusing their security efforts on addressing two of the most critical cyber risks to businesses today.”