News: 87% of firms see untrained staff as greatest cyber risk: Study


This is compounded by staff training ranking as one of the weakest progress categories measured by a study.

“The vast majority of cyber incidents result from employee behavior and human error,” --Anthony Dagostino, global head of cyber risk, Willis Towers Watson


The majority of executives (87%) around the world cite untrained staff as the greatest cyber risk to their business, according to a new report from “The Cybersecurity Imperative”, a global thought leadership program produced by independent researcher ESI ThoughtLab in conjunction with Willis Towers Watson. Compounding this finding, staff training ranks among the categories that have made the least progress when measured against the National Institute of Standards and Technology (NIST) cybersecurity framework.

The research also found that the most common types of attack include malware/spyware (81%) and phishing (64%), with external unsophisticated hackers (59%) and cybercriminals (57%) identified as the next biggest external threats. Based on scores relating to progress on the NIST cybersecurity framework, ESI ThoughtLab segmented companies into three stages of cybersecurity maturity: beginners, intermediates and leaders.

The survey found that a company’s threat perception varied based on the firm’s cybersecurity maturity. For example, cybersecurity leaders tend to focus more on “Hacktivists” (52%) and malicious insider threats (40%), whereas cybersecurity beginners spend more time worrying about external threats (42%), such as partners, vendors, and suppliers.

Additionally, the research highlights that cybersecurity leaders invest more than their beginner counterparts in cyber resilience, that is, in post-incident processes. As companies become more advanced in cybersecurity, they increase this investment: cybersecurity beginners spend 14% of their cyber budget on recovery, while cyber leaders spend 18%.

Key findings 

  1. 91 percent of cybersecurity leaders feel their investment is adequate to meet their needs
  2. 33 percent of cybersecurity beginners view their investment as adequate to meet their needs
  3. 73 percent of companies plan to use behavior analytics as a cybersecurity tool over the next two years
  4. 80 percent of companies have at least a small amount of cybersecurity insurance, with healthcare companies averaging one of the highest amounts ($16.4 million) and manufacturing averaging one of the lowest ($8.6 million)

“Leaders in cybersecurity are devoting significant resources towards protecting IT and risk functions within their organizations against external threats, but employee processes and training, as well as corporate culture, play a more integral role than many realize.” As the report highlights, “The vast majority of cyber incidents result from employee behavior and human error,” says Anthony Dagostino, global head of cyber risk, Willis Towers Watson. “In addition to mitigating cyber threats through technology and risk transfer, cyber managers need to take a step back and assess their organizations' cyber defenses within. Cyber managers must adopt a continuous assessment strategy, one that focuses on the overall culture of engagement, talent preparedness and the role of technology and risk transfer.”

The study highlights the need for ongoing cyber risk assessment across people, processes, and technology. Willis Towers Watson’s integrated and holistic approach offers tools and solutions to help organizations with cyber risk assessment, risk quantification, and risk transfer.

Topics: Learning Landscapes, Training & Development
