12 January 2021IT & claims management analysis

Willis Towers Watson launches human error and ransomware cyber assessment services

Willis Towers Watson has introduced two new cyber risk assessment services, a Workforce Cyber Culture Assessment (WCCA) and Ransomware Risk Assessment (RRA).

The new services come in response to findings in its  cyber claims insights report that human error was the single biggest root-cause of global cyber claims, and that ransomware is the most significant risk when considering first-party losses.

WCCA is a cyber risk methodology designed to assess the risk around human error and the impact of business culture in a cyber context. It can highlight perceived high risk attitudes and behaviours within the workforce that could exacerbate cyber risk, enabling Willis Towers Watson to recommend risk reduction strategies.

RRA is a custom assessment framework, available for both information technology and operational technology environments, that focuses on one of the most severe cyber threats facing organisations globally. It assesses the entirety of a client’s ransomware threat surface across several key risk areas and provides clients with a unique, tailored snapshot of their ransomware risk posture. It also delivers practical and concise advice on how to address security gaps, exposures and vulnerabilities.

The delivery process consists of three phases and Willis Towers Watson said it can provide a complete RRA in around three weeks.

Dean Chapman, lead cyber risk consultant, Willis Towers Watson, said the WCCA and RRA services demonstrated the group’s “commitment to supporting clients with tailored solutions to effectively manage risk in a challenging and fast evolving cyber threat environment.”

He added: “The business impacts associated with people-related security incidents and ransomware attacks are well documented, and both have the potential to be catastrophic from a number of organisational standpoints, including operational, financial and reputational impacts.”

Whilst ransomware attacks are often initiated because of a human error, the two cyber risks require slightly different approaches to risk identification, assessment and management, Chapman noted.

“Targeting humans is quicker, easier and comes with much higher success rates – cyber criminals only need to get lucky once,” he explained. “For this reason, we have developed these services to assist our clients in focusing their security efforts on addressing two of the most critical cyber risks to businesses today.”