Press Release

Only 13 percent of board members feel their organizations learn from past cyber mistakes, says Willis Towers Watson

Global Economist Intelligence Unit survey, sponsored by WillisTowers Watson, found boards were not confident in their application of post-cyber breach learnings

June 19, 2018

LONDON/NEW YORK, June 19, 2018 – A majority of executives around the world feel their organizations can do better when it comes to learning from their past cyber mistakes, according to the results of a newly released global survey conducted by The Economist Intelligence Unit (EIU) and Willis Towers Watson. The EIU surveyed over 450 companies across the globe about their strategies and the challenges they face in building cyber resilient organizations.  While most organizations regard themselves as doing a good job on incident response, only thirteen percent said their organizations were above average in incorporating learnings from cyber incidents into resilience strategies.

The survey found little consensus among boards and executives on cyber resiliency planning, including the deployment of strategies across the organization, where to allocate funds, and what areas of the organization are most at risk. The split in cyber preparedness was also apparent across geographies, as North American companies contrast strongly with their peers in Asia and, to some extent, the EU on issues such as expectations for frequency and impact of cyber-attacks, and confidence in their ability to recover from a breach. Interestingly, of the four regions surveyed (North America, UK, Europe and Asia), the UK had the highest rate of perceived cyber resiliency at 21%.

Some other key findings of the report include:

  • The average corporate cyber resilience spend was about 1.7 percent of revenue, and 96 percent of board members believe that isn’t enough
  • North America spent the highest on cyber-resilience as a percent of revenue (2-3%), whereas the other regions spent between 1-2% or less
  • Among executives, there is little consensus on how to allocate cyber budgets – but very close responses were given between “technology to harden cyber-defenses” and “IT talent acquisition, skills training/development” 
  • 3 out of the 4 regions believe that the “board as a whole” should oversee cyber risk, while Europe disagreed saying it should be a dedicated cyber group.

“It’s important for companies to understand that achieving cyber resiliency is a company- wide imperative, one that shouldn’t be sequestered to certain roles or functions,” says Anthony Dagostino, global head of cyber risk with Willis Towers Watson. “Boards should emphasize the need for a strategic framework, and the C-Suite should set the tone within their organizations by empowering stakeholders, such as IT, Risk, HR, legal and compliance to drive an integrated risk management and resiliency strategy. While technology will remain a crucial defense, more than half of cyber incidents are attributable to employee behavior and talent deficits in cybersecurity roles, so investing in other areas such as human capital solutions and cyber insurance have to become part of regular board and C-Suite conversations.” 

About Willis Towers Watson Cyber

Willis Towers Watson takes a holistic approach to cyber resiliency, with the understanding that a complete corporate cyber solution addresses and incorporates people, capital, and technology. Our cyber experts have decoded the complexity of the current cyber threat landscape to deliver this integrated perspective to major enterprises across sectors. As a global leader in human capital solutions, risk advisory and broking, we are well prepared to assess an organization's cyber vulnerabilities, providing protection through best-in-class solutions and mitigating the risk of future attacks. Explore comprehensive cybersecurity solutions at willistowerswatson.com/cyber.

About Willis Towers Watson

Willis Towers Watson (NASDAQ: WLTW) is a leading global advisory, broking and solutions company that helps clients around the world turn risk into a path for growth. With roots dating to 1828, Willis Towers Watson has over 40,000 employees serving more than 140 countries. We design and deliver solutions that manage risk, optimize benefits, cultivate talent, and expand the power of capital to protect and strengthen institutions and individuals. Our unique perspective allows us to see the critical intersections between talent, assets and ideas — the dynamic formula that drives business performance. Together, we unlock potential.