Research

2017 Cyber Risk Survey Report

June 14, 2017
Willis Towers Watson carried out web-based surveys with a combined 163 U.S. and U.K. employers and over 2,000 employees in each country, a quarter of whom work in a corporate IT function.
Creating a culture of cybersecurity and building a cyber-savvy workforce is of key importance to effectively manage the people, capital and technology risks across every organization.

Creating a culture of cybersecurity and building a cyber-savvy workforce is of key importance to effectively manage the people, capital and technology risks across every organization. Cybersecurity is a challenge and part of a journey toward mitigating risk involving human error and improving operating procedures. These surveys sought to uncover some key challenges employers face when assessing and protecting against cyber risk along with considerations based on employees’ perspective.

Highlights

  • The findings from our surveys signal a shift in cybersecurity strategies. Although companies still think there is more work to do on technological responses, most feel they are broadly on track and making progress in addressing potential weaknesses in their IT infrastructure.
  • Attention is now increasingly turning to the operational- and people-related risks that, claims experience shows, leave companies exposed to cyber risk even with state-of-the-art IT approaches. 
  • There is growing impetus behind the view that building effective cyber resilience has to have its roots within the organization and its people. Solutions are likely to be complex and multidimensional, as is always the case for any kind of cultural change. Certainly, companies may have to adapt their operations to the constantly changing nature of cyberthreats. They should not ignore the expanding risk mitigation options available through the insurance market. But employers will increasingly look to foster a more cyber-savvy workforce, including the use of innovative talent management and reward strategies, to fortify their cybersecurity posture.