Insurance broker Willis Towers Watson has introduced two new cyber risk assessment services: the Workforce Cyber Culture Assessment (WCCA) and the Ransomware Risk Assessment (RRA)
Willis Towers Watson describes the WCCA as an innovative cyber risk methodology specifically designed to assess human risk and the impact of corporate culture in a cyber context. It highlights all perceived attitudes and behaviors of high-risk personnel towards cyber risks, such as the current work environment and workplace pressures (a critical area in the current economic climate) and assesses the key factors influencing the likelihood and impact of people-related cyber security incidents. It enables Willis Towers Watson to provide clients with targeted and concise recommendations for risk reduction as well as a tailored roadmap to support the achievement of a resilient cybersecurity strategy with measurable and actionable metrics.
The RRA is described as a tailor-made assessment framework, available for both information technology and operational technology environments, that addresses the most serious cyber threats facing organizations worldwide. The assessment goes beyond technology checks and observes the full surface of a customer's ransomware threat in several key risk areas. The RRA provides customers with a unique, tailored "snapshot" of their ransomware risk position, as well as a practical and concise improvement plan designed to assist in the timely resolution of identified security vulnerabilities, exposures, or vulnerabilities. The delivery process consists of three simple phases, enabling Willis Towers Watson to deliver a complete RRA in just three weeks – from start to finish.
These two services were developed in response to Willis Towers Watson & # 39; s findings report on insights into cyber claims, published in July 2020, which found that:
- Human error (human risk) was the largest single cause of cyber incidents / claims worldwide, and
- Ransomware (and subsequent business interruption) is the primary risk when considering first party losses, or in other words, direct financial costs to businesses.
"The business consequences associated with person-related security incidents and ransomware attacks are well-documented and both can be catastrophic from a number of organizational standpoints, including operational, financial and reputational damage," said Dean Chapman, chief cyber risk advisor. , Willis Towers Watson.
"While the two are intrinsically linked, a ransomware attack, for example, is often initiated through a" human "intrusion, but they require slightly different approaches to risk identification, assessment and management," Chapman said. “Targeting people is faster, easier and has much higher success rates – cyber criminals only have to get lucky once. For this reason, we have developed these services to help our customers focus their security efforts on addressing two of the most critical cyber risks facing businesses. "
Source: Willis Towers Watson
The most important insurance news, delivered to your inbox every working day.
Receive the trusted newsletter from the insurance industry