Addressing the human element in cyber risk: The HR/risk management partnership
According to the latest research by Willis Towers Watson, cyber security continues to be widely viewed as a fundamental challenge (66%) and a top priority for organizations (85%). What’s more, the 2017 Willis Towers Watson Cyber Risk Employer Survey shows that while today only 8% of organisations have embedded cyber risk management within their company culture, organizations expect this percentage to increase to 85% in the next three years — evidence that organizations are beginning to realise the role that employees play in building a resilient cyber risk culture. Perhaps most important, however, only 37% of employers think risk managers and HR work closely together on cyber risk management. This needs to change.
Effective cyber risk management: it starts with your people
Recent cyber insurance claims data shows that two-thirds of incidents are the direct result of employee behaviour – for example, negligence leading to lost devices and malicious insiders seeking to profit from corporate espionage. When analyzing the other 33% of incidents, a large portion can ultimately be traced back to additional human factors such as talent shortage, skill deficits and employee engagement. Given these results, in order to drive a culture that creates cyber-smart employees, organizations’ human resources professionals must be brought more prominently into the conversation.
HR is often the keeper of highly sensitive and confidential employee data and records often sought after by cyber criminals, but it also plays a crucial role in employee engagement and organisation culture around cyber security strategy.
What’s more, HR can help identify deficiencies in talent and skills within critical roles and flag IT departments that may be creating vulnerabilities.
The CHRO: Missing in the cyber risk management process
Insurance risk managers have led and continue to lead the charge in managing cyber risk for their organizations. To their credit, they have made major strides in bringing their CISOs or CIOs along in understanding the critical role that cyber insurance plays in managing the risk.
This explains the increasing involvement of CISOs/CIOs in the insurance application and procurement process. One key role that is missing in this process, however, is the Chief Human Resources Officer (CHRO).
Effective cyber risk management is a team sport and, more importantly, cyber risk begins and ends with people. Here are some ways that risk managers and CHROs can help their organisations thrive:
Risk managers and CHROs can work together to evaluate organisation culture (e.g., training, leadership, rewards) and talent/skills deficiency issues that create cyber risk
HR can help risk managers better understand the employee-related governance and procedures (e.g., employee training, social media policies) in place for managing risk
Risk managers can help HR understand insurance limits, retentions, and why insurance underwriters request certain employee-related information (e.g., frequency of training, BYOD policies) in the insurance application process
Risk managers and CHROs can attend cyber risk conferences together. In addition to presenting a united front, this strategy gives the two executives an opportunity to develop an integrated approach from each function’s perspective.
TrustFiducia to Plan, Prepare, Protect
We advocate that best practice in cyber mitigation is the application of 5 overlapping best practices across IT, Processes, Regulatory, Insurance and People Education.
At TrustFiducia, we provide our clients with access to our eLearning platform where employers and employees can benefit from online access to the latest threats and mitigation best practices.
We offer readiness assessments and advice on changes to your organisation to mitigate exposures across the five areas and also provide clients with access to regular monthly webinars giving participants the chance to interact with industry experts in the field during Q&A sessions.
Finally, we offer a comprehensive insurance offering, underwritten by Chubb, that gives you peace of mind that if you are a victim of a cyber breach, you'll have all the support you require to get you back online with minimal disruption or loss.
This cost-effective insurance can be bought online within minutes, giving you full access to the suite of support resources throughout, all free of charge.