Broker Willis Towers Watson has beefed up its cyber offering to clients following the results of its recent report into cyber threats and their causes.
Its Cyber Insights report found human error (people risk) was the single biggest root-cause of global cyber incidents/claims, and ransomware (and the subsequent business interruption) is the most significant risk when considering the direct financial costs to businesses.
In response it has launched two new assessment tools which it said will enhance the ability for clients at identify and deal with human and ransomware threats.
The first is the Workforce Cyber Culture Assessment (WCCA), a cyber risk methodology specifically designed to assess people risk and the impact of business culture in a cyber context. It can work to highlight any perceived ‘high risk’ attitudes and behaviours within the workforce to cyber risk, such as current working environment and workplace pressures (a critical area in the current economic climate) and assesses the key factors affecting the likelihood and impact of people-related cyber security incidents.
The Second is a Ransomware Risk Assessment (RRA) tool. RRA is a custom assessment framework, available for both Information Technology and Operational Technology environments. WTW said the assessment moves beyond just technology controls and observes the entirety of a client’s ransomware threat surface across several key risk areas.
Dean Chapman, Lead Cyber Risk Consultant, Willis Towers Watson said: “The business impacts associated with people-related security incidents and ransomware attacks are well documented, and both have the potential to be catastrophic from a number of organisational standpoints, including operational, financial and reputational impacts. Whilst the two are intrinsically linked, for example a ransomware attack is often initiated via a breach of the ‘human’, they require slightly different approaches to risk identification, assessment, and management.
“Targeting humans is quicker, easier and comes with much higher success rates – cyber criminals only need to get lucky once. For this reason, we have developed these services to assist our clients in focusing their security efforts on addressing two of the most critical cyber risks to businesses today.”