Engaged, satisfied workers first line of breach defense, Willis notesReprints
Technology is critical in combating data breaches, but a recent report by Willis Towers Watson P.L.C. notes that focusing on workplace culture can be the first line of defense against cyber attacks.
The report, published this month, found that employees working at companies that are breached scored poorly in training, company image and customer focus. The study looked at more than 400 companies and more than 150,000 IT.
IT workers at companies that have been hacked had a low opinion of employee training. The study said improper training could make new staff members a blindspot and potential source of cyber risk.
Patrick Kulesa, global research director at Willis Towers Watson and co-author of the report, said the findings indicate the importance of effective training not only within IT, but “across the whole enterprise so that people know that they're part of the battle …preventing cyber attacks.”
Resentment over pay also can add to the threat. If IT employees feel they're not properly rewarded for their work, that could keep them from giving an extra effort to identify cyber risk.
Adeola Adele, Willis cyber thought leader and co-author of the report, said there have even been cases of employees selling their passwords for as little as $1,000.
“If you incentivize them from that kind of behavior by giving them a raise,” she said, “they'll be less likely to sell their passwords.”
In addition, the report said, a lack of focus on the customer can set the stage for poor decision making regarding business risks and detract from the vigilance needed to fight efforts to steal customer information.
The report encourages employers to? create an atmosphere that focuses on the customer and develop employee incentive and training programs.
“Every time you read about cyber risk management, a lot of it is about more technology, more technology,” Ms. Adele said. “We're not saying technology isn't critical. It's part of the defenses. But we're saying that when it comes to capital allocation, organizations should really be thinking about all the things we listed but paying more attention to the human element, which is really the critical piece that ties technology and everything together because without your employees engaged, then your technology may fail.”