Businesses need to focus more on employees and company culture in their efforts to manage cyber risk, according to a new study from global advisory and broking company Willis Towers Watson.

The company warned that many organizations continue to focus on the technology aspect of cyber security, which is crucial, but often at the expense of people risks, which represent the largest source of data breach claims.

Willis Towers Watson’s claim data shows that employee negligence or malicious acts account for two-thirds (66%) of cyber breaches. By contrast, only 18% were directly driven by an external threats. Cyber extortion accounted for just 2%. The data shows that about 90% of all cyber claims are the result of some type of human error or behavior.

“Evidence suggests that many businesses are taking an overly technocratic approach to cyber risk and are in danger of missing the bigger picture,” said Anthony Dagostino, head of global Cyber Risk, Willis Towers Watson.

“While technology has an important role to play, it really needs to be linked with an understanding of the human element,” Dagostino said. “The simple truth is that a data compromise is more likely to come from an employee leaving a laptop on the train than from a malicious criminal hack. We believe employees and companies with a strong culture and cyber-aware workforce are the first line of defense against cyber risk.”

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access

Bob Violino

Bob Violino

Bob Violino is a freelance technology and business writer who covers a variety of topics, including big data and analytics, cloud computing, information security and mobile technology.