- World Economic Forum(WEF) Global Risks Report 2019 highlights worsening international relations hindering action across a growing array of serious challenges
- Comments on Brexit vote impasse
- Allianz Risk Barometer highlights cyber and concerns around Brexit as as top risks in UK
- Willis Re's Summary of Natural Catastrophe Events 2018 report estimates insured losses from major natural catastrophes at around $71.5bn
- BIBA highlights opportunities for business in 2019 Manifesto
- UK Comprehensive car insurance prices fell by 6% in 2018 says Confused.com/ Willis Towers Watson analysis
- Insurance Europe concerned that the European Commission’s proposal for an ePrivacy Regulation could hamper insurers’ ability to offer innovative insurance policies to consumers expired
- ArgoGlobal collaborating with broker Axieme and digital platform Jobby in Italy to respond to a need for on-demand, pay-as-you-go insurance for temporary and short-term workers expired
- LV= General Insurance successfully deploys Guidewire Core and Data solutions in the largest transformation the business has ever undertaken expired
- Marsh announces that it had placed more than 10,000 risks in 2018 through Placing Platform Limited(PPL)-over 15,000 in total expired
- ZhongAn and Grab to establish joint venture company to enter the digital insurance distribution business in Southeast Asia expired
- Greenlight Capital Re becomes largest shareholder in Chicogo-based MGU AccuRisk expired
21st October 2018
The majority of executives(87%) around the world cite untrained staff as the greatest cyber risk to their business according to a new report from “The Cybersecurity Imperative”
The majority of executives(87%) around the world cite untrained staff as the greatest cyber risk to their business according to a new report from “The Cybersecurity Imperative” a global thought leadership program produced by independent researcher, ESI ThoughtLab in conjunction with Willis Towers Watson and other organisations specialized in cybersecurity and risk management. Compounding this finding is the fact that staff training is ranked among the categories to have made the least progress when measured against the National Institute of Standards and Technology (NIST) cybersecurity framework.
For the Cyber Security Imperative, ESI Thought Lab surveyed 1,300 organisations with revenues ranging from under $1bn to over $50bn, across multiple industries spanning APAC, Europe, US/Canada and Latin America.
The research also identified the most common types of attacks to include malware/spyware(81%) and phishing(64%), with external unsophisticated hackers(59%) and cyber criminals(57%) identified as the next biggest external threats. Based on scores relating to progress on the NIST cybersecurity framework, ESI ThoughtLab segmented companies into three stages of cybersecurity maturity: beginners, intermediates and leaders.
The survey found that a company’s threat perception varied based on the firm’s cybersecurity maturity. For example, cybersecurity leaders tend to focus more on “Hacktivists” (52%) and malicious insider threats(40%), whereas cybersecurity beginners spend more time worrying about external threats(42%), such as partners, vendors, and suppliers.
Additionally, the research highlights that when it comes to cyber resiliency, or post-cyber incident processes, cybersecurity leaders invest more in cyber resilience versus their beginner counterparts. As companies become more advanced in cybersecurity, they increase their investment in cybersecurity resilience, with cybersecurity beginners spending 14% of their cyber budget and cyber leaders spending 18% on recovery.
Some other key findings around cybersecurity maturity and investment in cyber risk include:
91% of cybersecurity leaders feel their investment is adequate to meet their needs
33% of cybersecurity beginners view their investment as adequate to meet their needs
73% of companies plan to use behaviour analytics as a cybersecurity tool over the next two years
80% of companies have at least a small amount of cybersecurity insurance, with healthcare companies averaging one of the highest amounts($16.4m) and manufacturing averaging one of the lowest($8.6m).
“Leaders in cybersecurity are devoting significant resources towards protecting IT and risk functions within their organisations against external threats, but employee processes and training as well as corporate culture play a more integral role than many realize.” As the report highlights, “The vast majority of cyber incidents result from employee behaviour and human error,” says Anthony Dagostino, global head of cyber risk, Willis Towers Watson. “In addition to mitigating cyber threats through technology and risk transfer, cyber managers need to take a step back and assess their organisations cyber defences within. Cyber managers must adopt a continuous assessment strategy, one that focuses on the overall culture of engagement, talent preparedness and the role of technology and risk transfer.”
The Cybersecurity Imperative highlights the need for ongoing cyber risk assessment across people, processes, and technology. Willis Towers Watson’s integrated and holistic approach offers tools and solutions to help organsations with cyber risk assessment, risk quantification and risk transfer.
Willis Towers Watson Trends(157 articles)
Cyber Trends(656 mentions in Insurance Newslink)