While many businesses rely on technology to assess their cyber risks, Willis Towers Watson believes an employee survey could help make the task more successful.
The consulting firm and broker is rolling out what it has dubbed the “Cyber Risk Culture Survey,” an employee survey designed to help employers determine how vulnerable they are to cyber risks by assessing employee behavior and practices.
Anthony Dagostino, Willis Towers Watson’s head of Global Cyber Risk, noted that most companies typically use technology to pursue such an assessment. He argued, however, that this approach may not be enough on its own.
“Evidence suggests that many businesses are taking an overly technocratic approach to cyber risk and are in danger of missing the bigger picture,” Dagostino said in prepared remarks. “While technology has an important role to play, it really needs to be linked with an understanding of the human element.”
Dagostino added that compromised data is likely to stem more from “an employee leaving a laptop on the train than from a malicious criminal hack.” With that in mind, he said that “employees and companies with a strong culture and cyber-aware workforce are the first line of defense against cyber risk.”
Willis Towers Watson pitches its survey as a first-of-its-kind product in the marketplace. It is designed with three different variations intended to be tailored to a company’s need. The survey measures cultural elements of cyber risk relating to employee awareness and their actions. It is also designed to help provide a clear picture of an organization’s internal risk culture and identify where vulnerabilities are in terms of employee-driven cyber incidents.
By doing this survey, the idea is that executives could make changes in company culture and other improvements focused on mitigating cyber risks.
Willis Towers Watson said it developed the survey, in part, in response to survey results last May showing why and how employee behaviors and opinions impact cyber risks.
Source: Willis Towers Watson