The Workforce Cyber Culture Assessment assesses people risk and the impact of business culture in a cyber context

Willis Towers Watson has introduced the Workforce Cyber Culture Assessment (WCCA), a cyber risk methodology designed to assess people risk and the impact of business culture in a cyber context.

The cyber risk assessment service was launched in response to the findings of the broker's recent cyber claims insights report, which found that human error (people risk) was the single biggest root cause of global cyber incidents.

It can highlight any perceived ‘high risk’ attitudes and behaviours towards cyber risk within the workforce, such as the current working environment and workplace pressures (a critical area in the current economic climate), and it assesses the key factors affecting the likelihood and impact of people-related cyber security incidents.

It offers clients focused and concise recommendations for risk reduction as well as a tailored roadmap to support the achievement of a resilient cyber security strategy with measurable and actionable metrics.

The broker is also offering clients a Ransomware Risk Assessment (RRA) framework, available for both Information Technology and Operational Technology environments, which focuses on one of the most severe cyber threats facing organisations globally.

Ransomware (and the subsequent business interruption) is the most significant risk when considering first-party losses, or in other words, the direct financial costs to businesses.

Dean Chapman, lead cyber risk consultant, Willis Towers Watson, said: “The business impacts associated with people-related security incidents and ransomware attacks are well documented, and both have the potential to be catastrophic from a number of organisational standpoints, including operational, financial and reputational impacts.

“Whilst the two are intrinsically linked, for example a ransomware attack is often initiated via a breach of the ‘human’, they require slightly different approaches to risk identification, assessment and management.”

“Targeting humans is quicker, easier and comes with much higher success rates – cyber criminals only need to get lucky once.”

The ransomware assessment examines the entirety of a client’s ransomware threat surface across several key risk areas, offering a ‘snapshot’ of the company’s ransomware risk posture as well as a practical and concise improvement plan designed to assist with the timely remediation of identified security gaps, exposures or vulnerabilities.