Cyber risk has many obvious impacts on a business but one international broker has revealed the issues cyber-attacks have on employees of affected businesses.
According to a new Willis Towers Watson report, employees judge organisations experiencing data breaches as lacking a learning culture that flourishes with high integrity and puts the customer at the centre of business activity.
The report, entitled
Inside Threat: Why Employee Behavior and Opinions Impact Cyber-Risk, shows employees’ opinion of data breach companies. The report also puts a fundamental emphasis on employee culture as a first line of defence against cyber-risk.
“These data are significant because they offer an inside view of workforce culture and for the first time reveal the vulnerabilities within companies experiencing cyber –breaches based on the ultimate insiders – their employees,” commented Patrick Kulesa, global research director, on the findings.
The Willis Towers Watson analysis was based on survey results from over 450,000 employees corresponding to a period during which significant data breaches were identified within their firms. The results were then benchmarked against global high-performance companies and global information technology staff.
Willis Towers Watson said that, as expected, survey findings show significant gaps in favourable opinion scores between employees in data breach groups and each benchmark, particularly in three areas of workforce culture – training, company image, and customer focus.
Compared to the IT employee group, IT employees in data breach companies gave low scores to training and perceived training of new employees. The analysis points to the vulnerability of new staff as a potential serious source of cyber-risk if not effectively trained.
Also compared to the IT employee group, the analysis shows that frontline IT staff in data breach companies report less favourable views of perceived pay-for-performance for their role – a potential barrier for efforts to identify and manage cyber-risk.
Compared against both benchmarks, employees in data breach companies suggest a widespread lack of customer focus. This is a critical issue from a risk management perspective, as it could set the stage for poor decision making and undermine efforts to counteract theft of online customer information.
“There is broad awareness of the human element as a risk factor in data security breaches. However, to more effective manage cyber-risk, organizations need to better understand how the various elements of their workforce culture shape their employees’ behaviour, and ultimately, either reduce or drive their exposure to cyber-risk,” said Adeola Adele of Willis Towers Watson’s FINEX North America practice.
To address cyber-risk stemming from inside threats, Willis Towers Watson experts suggest the flowing prevention priorities for organisations:
- Collaborate across corporate functions, including IT, HR, Legal, Operations, and Finance, in setting cyber-strategy;
- Invest in making the workforce cyber-smart, and provide rewards and disincentives to encourage a cyber security-supportive culture;
- Consider technology as only of the several lines of cyber defence; and
- Insure for cyber-threats the organisation cannot mitigate.
For a full report on the Willis Towers Watson analysis, visit the Willis Towers Watson
website.