U.S. employees remain unprepared for cybersecurity incidents even as most of the companies they work for insist they’re highly protected from threats, according to a new Willis Towers Watson survey.
Nearly 80 percent of employee respondents said that insufficient understanding remains the biggest barrier to their organization effectively managing its cyber risk. About 45 percent said they spent 30 minutes or less on cybersecurity training, and another 25 percent said they didn’t get any training.
What’s more, 61 percent of respondents that did finish their cyber training said they completed only because it was mandated, and 46 percent said that they believed opening any email on their work computer was safe. These last two findings point to the idea that “employees may not be engaged or feel the personal accountability necessary to drive long-term, sustainable behaviors,” Willis Towers Watson said in its promotion of the survey results.
On the executive side, nearly 75 percent of U.S. businesses said they believed they were highly protected from outside cyber attacks. Just under 80 percent said they have the right processes in place to do what they need to in order to address threats to privacy and security.
Willis Towers Watson’s report follows a recent one from the Council of Insurance Agents & Brokers that found that clients are increasingly better informed and asking the right questions as they seek coverage.
Anthony Dagostino, head of global Cyber Risk at Willis Towers Watson, noted in prepared remarks that opening just one suspicious email can cause problems throughout a company, as it did not that long ago with the global WannaCry ransomware attack. But there is discrepancy between executives and the employees they hire in terms of cyber readiness, he said.
“There appears to be a disconnect between executive priorities around data protection and the need to invest in a cyber savvy workforce through training, incentives and talent management strategies,” Dagostino said in prepared remarks.
Company Execs Reader for Cyber Trouble; Employees, Less So
The disconnect hits multiple areas, Willis Towers Watson noted. Among their report’s additional findings:
- More than 30 percent of employees surveyed logged into their work-designated computer or mobile device over an unsecured public network such as public W-Fi.
- 52 percent of employers surveyed feel they’ve made progress addressing cybersecurity factors relating to human error over the last three years.
- 20 percent of companies responding said their organizations faced impact from a cyber breach in the last year.
- 16 percent of companies reported times when senior leaders put confidential information at risk over the last three years.
- 66 percent of U.S. businesses see cyber security as a big challenge for their business.
The full findings are included in Willis Towers Watson’s Cyber Pulse survey, which focused on cybersecurity practices across the United States and involved 92 U.S. companies with respondents covering risk management, finance and accounting, IT and HR. Employee responses covered 2,073 people in the U.S., 82 percent of whom use a computer, tablet or other IT device in their job either sometimes or frequently. Of that number, 507 work in a corporate IT function, the Willis Towers Watson Report said.
Source: Willis Towers Watson