Some 27% of UK employees received no cyber security training last year, and 46% had just 30 minutes or less, according to research from Willis Towers Watson (WLTW).
That is despite 63% of businesses saying that their organisation is highly protected, and 66% maintaining that they have the right processes in place to adequately react to privacy and security threats.
Of the employees that did complete cyber security training, 62% said that they only did so because they were required to, while 46% believe that opening any email on their work computer is safe.
“There appears to be a disconnect between executive priorities around data protection and the need to invest in a cyber-savvy workforce through training, incentives and talent management strategies,” WLTW head of global cyber risk, Anthony Dagostino, said.
“As the world has seen with the proliferation of phishing scams, most recently highlighted by the global WannaCry ransomware attack, the opening of just one suspicious email containing a harmful link or attachment can lead to a company-wide event.
“Hackers are exploiting the fact that, while corporations are building walls of technology around their organisations and their networks, by far the biggest threat to corporate digital security and privacy continues to come from the employees within, often completely by accident.”
UK employees ranked ‘insufficient understanding’ as the biggest barrier to their organisation effectively managing its cyber risk, with over 30% admitting they had logged into their work-designated computer or mobile device over an unsecured public network.
Only 40% of employers have made progress addressing cyber security factors tied to human error and behaviors in the last three years, while it is expected that the costs of minimising cyber risk will increase as technology evolves.
“A truly holistic cyber risk management strategy requires at its core a cyber-savvy workforce, however, organisations first have to know where the vulnerabilities are in order to plug the gaps,” Dagostino said.
“Many organisations are facing talent deficiencies and skills shortages in their IT departments, which in turn are creating significant loopholes in their overall security measures.”
“But it is also encouraging that human capital solutions and improvement of operating procedures will be a priority for over 70% of organisations in the next three years.”
An increasing reliance on data and IT systems has seen cyber incidents shoot to the top of the most pressing risks facing businesses worldwide, research by Allianz has uncovered.
17 January 2020
The majority of risk managers worldwide cannot adequately assess the threats posed by new technologies, research by Accenture has found.
10 December 2019
Financial institutions will save $7bn (£5.43bn) by 2024 thanks to blockchain technology and the automation of customer checks, a market research firm has predicted.
05 November 2019
Why InsurTech? A Pressured Insurance Value Chain
By Andrew Sagon, Andrew Johnston and Matthew Wong
InsurTech is a burgeoning phenomenon that is modernising the insurance industry. It is disrupting the traditional value chain whereby insurers offer loss protection, and shifting the emphasis to risk mitigation. Incumbents face disintermediation as investors in search of higher yields pour money into insurance-linked instruments in the capital markets. And entrepreneurial businesses are targeting friction costs and inefficiencies within every aspect of the traditional value chain.
Nimbleness and agility will unlock potential
By Elinor Friedman, Andrew Harley and Klayton Southwood
Recent Willis Towers Watson surveys in the U.S. have shown that P&C and life insurers in developed markets are taking seriously the potential of big data and predictive analytics to improve their businesses. Nimbleness and agility, rather than brute force, are likely to be key to realizing that potential.
Driven by technology, toolkits and talent
By Claudine Modlin and Graham Wright
Advanced analytics is helping some insurers offer innovative products and solutions. What do insurers need to know about the changing nature of analytics and whether it is worth the investment? Claudine Modlin and Graham Wright discuss technology, toolkits and talent — topics that may help you decide.
Risk transfer is part of a comprehensive solution
By Adeola Adele, Patrick Kulesa, Kevin Madigan and Alice Underwood
Given the dynamic nature of cyber-risk, taking a multidimensional approach that integrates board governance, technology solutions, behavioral change and risk transfer solutions can help reduce risk to a manageable level.