Specialist insurer Hiscox says that more than two thirds of cyber insurance claims result from employee error or negligence.
Despite significant investment made in technological solutions to counter the cyber threat, it’s a business’s employees that often represent the weakest link in the cyber security chain. Over an 18 month period to September 2017, Hiscox found that two thirds (67%) of the cyber related insurance claims it sees from businesses were caused by employee error, negligence or social engineering.
Many of these claims could have been avoided or at least mitigated if employees were better prepared or more aware of the potential cyber risks.
Employee vulnerability to cyber threats
Whether it’s an employee clicking on a link to a website, accessing an attachment which contains a virus, giving away sensitive information like passwords, or perhaps even just mislaying an electronic device or documents, hackers and cyber criminals often see employees as the most vulnerable part of an organisation when they try to breach its cyber defences.
In its recent Cyber Readiness Report 2018, which examined the cyber security readiness of over 4,000 companies across Europe and the US, Hiscox found that firms who scored the highest marks in their cyber preparedness were those who had built in a high level of cyber security training and awareness throughout their workforce. The majority of those firms (80%) said that ‘increased employee training has reduced the number of cyber incidents that disrupt our business’.
Equipping employees to recognise the threat
Effective cyber training needs to cover off those cyber vulnerabilities where employees are most at risk. This will help employees to understand how to create strong and secure passwords, identify potential ‘social engineering’ attempts that con employees into giving up sensitive information or bank details, and protecting personal information from phishing attempts
Crucially, training must not be a one-off but a regular process. Nine out of ten of the cyber experts identified in the Hiscox Cyber Readiness Report review the cyber security competence of their employees on a regular basis, while cyber security competence also forms part of an employee's regular performance evaluation.
Managing regulatory obligations
Regulatory change is another key consideration when it comes to understanding the cyber risk and employee training. Under the new General Data Protection Regulation (GDPR) which comes into force across Europe in May 2018, organisations now have a greater obligation to protect the data they hold and process. For many businesses, this will include customer information such as addresses, contact numbers, bank account or credit card details. Building in employee awareness around these new regulatory requirements will be critical.
Effective security training
Given 73% of organisations fail the Hiscox cyber readiness test and are probably over estimating their resilience towards a cyber attack, Hiscox has launched The Hiscox CyberClear Academy to help its clients provide highly effective online cyber security training for their employees. The Hiscox CyberClear Academy can help businesses stay cyber compliant, reinforcing the all-important human firewall against a growing and complex threat.
Accredited by GCHQ, the UK’s intelligence agency responsible for cyber security, the Hiscox CyberClear Academy incorporates an initial test for every employee which assesses how much they already know about cyber security and which modules they will then need to complete. Training is delivered via a mix of online videos and interactive material, as well as refresher modules which help keep cyber security at the front of mind. Intuitive and easy to use, the Academy provides managers with the capability to check their employees’ progress and stay on top of the ongoing cyber security challenge.
Details of how to access the Hiscox CyberClear Academy will be included in your documents when you buy or renew Hiscox cyber and data risks insurance.
Help protect your business against data breaches, viruses and other attacks from hackers. Hiscox can help minimise any loss and possible damage to your business and its reputation, IoD members receive 5% discount for the lifetime of your policy.
0800 280 0354
Find out more