Headquartered in London, Willis Towers Watson is the leading advisory, broking and solutions company. The unique solutions of the entity manage risk, optimize benefits, cultivate talent and expand the power of capital to protect and strengthen organizations from risks.

As technology is increasingly embedded into business processes, cyber-risk has grown, become more dynamic in virtually all industries. Beyond the financial, property and reputational damage cyber incidents can cause, they also can lead to regulatory scrutiny and litigation. The human element as a risk factor in data security breaches is as enduring as it is troubling. Compromised laptops and phishing email scams continue to appeal to hackers as avenues to damage corporate servers and the confidential, sensitive information they maintain. And, as quickly as organizations implement mitigation techniques, hackers develop new methods, putting enormous pressure on cyber-security functions to maintain effective, flexible risk management strategies that can respond to this ever-evolving source of vulnerability.

The Critical Role of People in Cyber-Security

An organization’s people must play a critical role in any cyber-strategy. Recently, Willis Towers Watson commissioned a survey of 306 risks; finance, human resources, information technology and operations decision makers to gain insight into their organizations’ cyber-risk priorities. Of those surveyed, 64 percent said that human capital and employee solutions are a very important focus for cyber loss control, and an additional 36 percent said they are a somewhat important focus. Looking ahead, 68 percent viewed human capital and employee solutions as a very important future focus for their organizations.

More than 70 percent of respondents said that losses related to employee-related cyber-risk is very important. Interestingly, those with roles in information technology and operations were more focused on employee solutions than other respondents were. It’s significant to note that among respondents in risk and finance, only 55 percent deemed human capital and employee solutions as a current very important focus. These findings highlight the need for organizations to focus more attention and resources on cyber-risk created by employees and on employees’ role in overall cyber-risk mitigation. Other research examines the risk created by employees and how IoT, BYOD policies and the changing face of the workforce have combined to accelerate that risk.