Skip to main content
Article | Decode Cyber Brief

The human element remains a leading cause of cyber risk

Decode Cyber Brief – Winter 2019 Edition

Cyber Risk Management|Corporate Risk Consulting|Insurance Consulting and Technology
N/A

January 18, 2019

A bi-annual publication featuring the latest trends in managing the people, capital and technology risks related to cybersecurity across your enterprise.

We are excited to present the Decode Cyber Brief for winter 2019, following on our last edition, which included a unique analysis of the General Data Protection Regulation (GDPR), blockchain, and essentials for effective security awareness. As we begin the New Year, we are pleased to present the Willis Towers Watson 2017-18 Reported Cyber Claims Index, consisting of 288 cyber claims specially selected to represent different industries, incidents, severity and loss amounts that we reported to insurers on behalf of our clients.

As shown in the chart below, the human element remains a leading cause of cyber risk, associated with 61% of the claims. The increase of social engineering claims from last year (up to 17% from 10%) is attributable to its low-cost and high-return nature. Social engineering relies on the weakest link in cybersecurity: human behavior. As a result, bad actors appear to be devoting more resources to creating new, more sophisticated methods of social engineering. Organizations must allocate sufficient capital for cybersecurity training and education to combat the threat.

Type of loss

We also recently released a comprehensive study about organizations’ cybersecurity performance conducted by leading research firm, ESI ThoughtLab, together with a cross-industry coalition of organizations, including Willis Towers Watson and WSJ Pro Cybersecurity. For the study, ESI ThoughtLab surveyed 1,300 organizations with revenue ranging from under $1 billion to over $50 billion, across multiple industries spanning Asia, Europe, North America and South America.

In this edition, Donna Wilson and Brandon Reilly of Mannatt, Phelps & Phillips, LLP alongside Linda Kornfeld of Blank Rome and Willis Towers Watson’s Ashley Hart take an in-depth look at the changing exposures and risks posed by the California Consumer Privacy Act. Dan Twersky spotlights the proliferation of cryptojacking, the unauthorized use of a computer to mine cryptocurrency, and suggests strategies to help organizations prevent the risk to their networks. Andrew Hill, a product innovation leader, examines comments made by the Court of Appeal in its recent decision in Various Claimants v Wm Morrison Supermarkets Limited [2018] EWCA Civ 2339. Willis Towers Watson’s Neeraj Sahni and Ankur Shetha, a cybersecurity expert at Ankura Consulting, examine the operational risks of Microsoft Office 365 and provide guidelines for optimal security. Finally, Rob Barberi spotlights the unique cyber risks the health care industry faces, and offers steps to efficiently manage them.

We hope you find this edition both useful and insightful. As always, we welcome your feedback.


  1. 01

    Cryptojacking: Ransomware’s sneaky cousin is the new kid on the cyber block

    Dan Twersky | January 18, 2019

    Given the ease of ransomware, these types of attacks are growing. However, a variant of the ransomware scheme known as “cryptojacking” has become prolific over the past year, and according to some security experts, has even superseded ransomware as the top malware threat. Read the article


  2. 02

    Court rulings leave UK companies financially exposed to data protection misdeeds of rogue employees

    Andrew Hill | January 18, 2019

    A recent court case serves as an example of how data breaches caused by corporate system failures or negligence by employees may give rise to a significant number of claims against companies for “potentially ruinous amounts”. Read the article


  3. 03

    Health care organizations are in cyber criminals’ crosshairs, but coordinated action can protect you

    Robert Barberi | January 18, 2019

    Health care organizations continue to be prime targets for hackers. While there is no process that will guarantee immunity to a cyberattack, these measures should help put any health care organization on a path to cyber resiliency. Read the article


  4. 04

    Business email compromises: 365 days of vigilance

    Neeraj Sahni (Willis Towers Watson), Ankur Sheth (Ankura Consulting) | January 18, 2019

    The operational risk that can occur when using Microsoft Office 365 (O365) has made this platform a favorite target of hackers. A few best practices, if followed correctly by enterprise network management and employees, could help reduce the extent of damage should a hacker infiltrate O365 Read the article


  5. 05

    Changing exposures and risks posed by the Consumer Privacy Act: What you need to know and what lies ahead

    Ashley L. Hart, Donna Wilson, Linda Kornfeld and Brandon Reilly | January 18 2019

    While the CCPA will not go into effect until January 1, 2020 at the earliest, it is important for businesses to evaluate the CCPA’s potential risks and exposures alongside their own current privacy and data security policies. Read the article


Contact Us