- Pricing and telematics lead the charge as insurtech patents jump 40pc
- FCA puts general insurance pricing practices under review
- Volvo and Baidu reach agreement to produce autonomous vehicles
- Cyber and D&O exposures increasingly intertwined, Airmic report finds
- Arch selects Touchstone for cat risk modelling
People, not technology, largest source of data breach claims
Written by staff reporter
While many organisations continue to focus on the technology aspect of cyber defence, which is crucial, it is people risks which represent the largest source of data breach claims.
According to Willis Towers Watson, businesses must focus more on employees and company culture in efforts to manage cyber risk. Their own claim data show that employee negligence or malicious acts account for two-thirds (66%) of cyber breaches, where by contrast only 18% were directly driven by an external threat, and cyber extortion accounted for just 2%.
The data further shows that about 90% of all cyber claims are the result of some type of human error or behaviour.
Head of global cyber risk at Willis Towers Watson, Anthony Dagostino, said it is vital that technology is used alongside an understanding of the human element. "The simple truth is that a data compromise is more likely to come from an employee leaving a laptop on the train than from a malicious criminal hack. We believe employees and companies with a strong culture and cyber aware workforce are the first line of defence against cyber risk.”
WTW is concurrently launching a new Cyber Risk Culture Survey solution which aims to connect human capital and workplace culture to employer cyber risk vulnerability. The tool is designed to measure an organisation’s cultural elements of cyber risk related to human capital awareness and frequency of supportive employee actions.
“When we talk to clients about cyber risk, they tell us bridging their operational silos is one of the biggest hurdles within their organisations,” said Patrick Kulesa, director, Employee Survey Research, Willis Towers Watson. “Our offering is relevant to many audiences within the organisation -- not only corporate risk managers, data security teams and human resource professionals, but the entire executive suite -- all of whom are crucial links in the chain of cyber risk management and mitigation.”