2017 Cyber Risk Survey
Published by Willis Towers Watson, a partner of the M&A Leadership Council
One in five U.S. and UK organizations that participated in the Willis Towers Watson 2017 Cyber Risk Surveys reported that their organizations have suffered a cyber breach in the last year with 6% of those incidents having been significant, consistent with publicized recent large cyber breaches. Two thirds of U.S. companies, and just under half of UK businesses, see cybersecurity as a fundamental challenge to their organization as reflected in the priority given to cybersecurity — 85% of U.S. employers, and 72% in the UK, regard it as a top priority. To date, technological responses have led the way.
However, growing recognition of the human element in cyber risk means that most companies that responded to the survey expect to focus more heavily on operating procedures and creating a more cyber-savvy workforce in the months and years to come. And with good reason it would seem. Willis Towers Watson’s recent Cyber Claims Database shows that by far the largest proportion of cyber claims reported to insurers stems from employees’ actions, or collective inaction.
The concurrent employee view of the survey appears to offer some explanation for the claim statistics, by showing a disconnect between cyber awareness and accountability of the workforce and organization’s views of their preparedness.
Toward a culture of cybersecurity
While most companies feel they are on the right track in terms of data privacy and information security, many say they are looking to create a culture of cybersecurity in their organization. Most admit, however, to being currently on the lower rungs of the ladder to reach this goal, although they have aspirations to climb it quickly. Over half have no formally articulated cyber strategy now, but over 80% want to be in a position of having embedded cyber risk management within the company culture within three years.