In a time of incredible volatility and business uncertainty, it might be difficult to pinpoint your greatest business risks. However, according to Aon’s 2017 Global Risk Management Survey and its nearly 2,000 global respondents, the risk organizations feel leaves them most vulnerable is damage to reputation/brand. Number five on the list is cyber crime/hacking. These two interrelated risks have been getting more and more press as organizations shift their focus to create value from the data they possess.
The race to create “digital value” has been on for years. Retailers, healthcare organizations, logistics companies, and just about every other industry are finding ways to use the data they possess to make money. This is how a company like LinkedIn can be sold for $26B. Alphabet is worth more than $600B and much of that value comes from the data they use to respond to you when you “Google” something. Amazon isn’t a bookstore. It isn’t a logistics company. It is a data company and they are worth nearly half a trillion dollars.
Creating digital value comes with great risk and great responsibility. The news recently has been filled with stories about a massive data breach at a well-known company. Data from more than 100 million Americans was stolen. The company’s value shrunk by nearly $2.35B…in a day. In just over a week after the breach announcement, the company lost over $6B of their $17B market cap.
Most executives get the upside of creating digital value. Many CEOs, CHROs, and heads of Talent are failing to understand their true vulnerability. Failing to protect a company’s data is one of the fastest ways to damage the brand and make shareholder value disappear. This vulnerability is not a technology issue. It’s about talent – specifically, it’s about selecting the right people and relentless efforts to engage those cyber security professionals after they have joined the organization.
When an organization recruits for cyber security positions, the focus is often on capabilities. However, capabilities alone won’t determine who will be the most successful employee.
Aon’s North America Assessment Solutions Practice leader, Ernie Paskey says “to fully manage risk, organizations need to account for human behavior. Who will be diligent? Who is skilled at identifying vulnerabilities? Who will support an organizational culture that embraces sensible risk management? Knowing the workforce’s behavioral tendencies and capabilities gives organizations an advantage in cyber security warfare.”
Enabling your cyber security hiring process with a set of assessments that identifies candidates with both the skills and the behavioral characteristics (and eliminates those who aren’t the right fit) is essential to ensuring you have the right people in place to protect your organization from a breach. Think of it as an insurance policy. We expect due diligence in many other parts of our business. It should be a part of our hiring processes – especially for hire value and mission critical positions.
Cyber security’s talent imperative doesn’t stop with getting the right people into the organization. That’s a starting point. What happens once they are a part of the organization may be even more important.
Are these critical employees engaged or taken for granted? Is there a culture of empowerment that encourages people to speak up when something looks off?
“One thing we often find in post-mortems around risk events like safety, ethics, or business operations is a culture of passivity or acquiescence around known areas of exposure,” says Aon’s Global Culture & Engagement Practice leader, Ken Oehler. “Employees have given up because they are not listened to, punished, or the systems or processes are too difficult to overcome. Disengaged or passive employees look the other way. Highly engaged employees and leaders speak up and initiate change to reduce the exposure.”
Never in history have humans been as creative, productive, and valuable than right now. The other side is that never in human history can the failure of a key person or team be so damaging to a company’s financial standing or brand. Understanding that there is incredible value in the data companies possess should convince any executive or HR professional that they cannot risk cutting corners on assessing and engaging the people protecting that information.
To learn how Aon can help you assess and engage your cyber security professionals, email firstname.lastname@example.org to talk with one of our experts.