Study Details Impact of Corporate Culture on Data Breach Risk

    Jun 06, 2016

    How can organizations track the extent of the data security breach risk inherent in their employees’ behaviors and determine how to mitigate this factor? A study published last month by Willis Towers Watson, a talent management advisory company, attempts to answer this question. 

    “The answer(s) to this critical question is not only relevant to human resources professionals charged with addressing employee behavioral issues but is also pertinent to corporate leaders, network security professionals, corporate risk managers and insurance underwriters – all of whom are links in the chain of cyber risk management and mitigation,” wrote the authors of the study.

    The study analyzed reports of breach events and the results of corresponding surveys employees had completed at or before the time of the breach event. The research highlights areas where employees are struggling to follow practices and procedures for managing information and data security. According to the study, organizations experiencing data breaches are judged by their employees as lacking a learning culture that flourishes with high integrity and puts the customer at the center of business activity. In particular, workers in those organizations had less favorable views of the training they received and about the company’s focus on the customer.

    According to the study, addressing fundamental emphasis in workplace culture is a first step to creating an environment that supports a holistic, integrated risk mitigation strategy. In addition, the study encourages organizations to follow a cyber risk mitigation approach that includes:

    • Ensuring that enterprise-wide governance is in place
    • Assuming that hackers are already inside
    • Considering technology as one of several lines of defense
    • Insuring against cyber threats that cannot be mitigated
    • Allocating enough capital to the right cyber defenses

    “There is broad awareness of the human element as a risk factor in data security breaches,” said Adeola Adele, employment practices liability product and cyber-thought-leader of Willis Towers Watson’s FINEX North America practice in a press release. “However, to more effectively manage cyber-risk, organizations need to better understand how the various elements of their workforce culture shape their employees’ behavior and, ultimately, either reduce or drive their exposure to cyber-risk.”

    The Washington Policy Brief is an online advisory that contains brief summaries of recent legislative and regulatory issues that may affect the records and information management profession. Further information about the issue is accessed by clicking on the link provided at the end of each summary.


    Want to sign up to receive an e-mail version of the Washington Policy Brief? It's free! Just tell us a little about yourself and you'll receive a monthly dose of the latest in legislation, regulation, and more.



    © 2017, ARMA International