Dive Brief:

Willis Towers Watson, a global advisory, broking and solutions company, says businesses should focus more on employees and company culture in managing cyber risk. The company launched a Cyber Risk Culture Survey to determine employees’ involvement in cyber breaches.

The survey shows that 90% of cyber risks are caused by human error. The survey also shows that 66% of cyber breaches are caused by employees’ negligence or malicious acts. External threats made up only 18% of cyber breaches and extortion made up 2%.

Anthony Dagostino, head of WTW’s global Cyber Risk, warned that a data compromise is more likely when an employee leaves a laptop in a public space than when a malicious criminal hack occurs.

Dive Insight:

Cyber risk, like theft, can be the work of an insider who’s familiar with internal systems, though more often such breaches happen accidentally. For that reason, employers must set and enforce cyber security policies, and hire or contract with cyber security experts who can find vulnerable areas in HR management systems and upgrade them.

Since HR keeps much of the data on employees, HR departments are an increasingly popular target for phishing schemes and other cyber attacks. Employers need not only to keep personally identifiable information (PII) such as health records, payroll information, social security numbers and home addresses in a secure place, but also to educate those who have access to those documents on the warning signs of phishing or spoofing attacks.