Employee mistakes and poor security are leaving businesses open to cyber-attacks; addressing these issues will allow companies to access full levels of cyber insurance, according to a recent QBE report.
QBE’s survey revealed that almost a third of employees (31%) have made mistakes that could impact the cyber security of their workplace.
These ranged from falling victim to a phishing scam (5%), accidentally clicking a link or downloading something that resulted in malware being added to a work device (7%), losing or having a work device stolen (6% and 7%) to sharing passwords with colleagues (13%).
Additionally, less than half (46%) of the participants said their workplace provides cyber security training for employees in place. Only 43% said that they have multifactor authentication (MFA) to log on to work devices/systems, and 29% they have phishing and cyber scam simulation exercises.
The results suggest that companies should be looking into how they can educate employees to be more aware of risks and take necessary steps to mitigate them in order to have a more robust cyber security plan in place, QBE stated.
Erica Kofie, Head of Cyber Proposition for QBE Europe said: “Your employees can be your weakest link when it comes to cyber security and it is important to have an education programme in place to remind them about the risks, how to spot suspicious activity and what to do (and not do). Sporadic phishing simulations are also recommended to highlight areas of your workforce you might need to spend more time educating about the risks.”
QBE highlighted the need for businesses to keep an eye on emerging risks. In the case of cyber risks, cyber-attacks are constantly evolving and businesses should make sure they are regularly reviewing cyber plans to keep up.
Phishing is one example where techniques by criminals are becoming increasingly sophisticated. 13% of employees surveyed said they would not feel confident in recognising a phishing scam.
In addition, with the rise in artificial intelligence, the majority of those surveyed (56%) said they believe artificial intelligence (AI) will actually increase cyber risk rather than reduce it (12%).
Kofie highlights the need for businesses to be carefully looking at factors such as IT security, employee training and response plans to not only be more resilient to cyber risks, but also to improve their risk profile, which affects the level of coverage cyber insurers will offer and at what premium.
She concluded: “It’s crucial for businesses to take stock of their cyber security, not only to address any gaps that might let criminals in, but also to ensure they can access full levels of insurance.”
“As part of our ongoing dialogue with customers, we focus on ‘being ready’, and part of this includes sharing appropriate information on failed attacks, which protections worked, the vulnerabilities which have allowed cyber breaches to happen, and ways to improve security.”
