Cyber Security: How to Manage the Threat from Within

February 28, 2019 Lena Justenhoven

Cyber crime was ranked as the number one risk in North America and number five globally in Aon’s 2017 Global Risk Management Survey. And it is likely to have the same prominence in 2019.

Typically, organizations focus their efforts around cyber security on minimizing external threats. They turn to their IT departments to provide technological solutions or to bolster security levels. But what about the internal threat?

McAfee research shows that the root cause of 43 per cent of data breaches is said to be human behaviour, and half of these are caused, intentionally, by insiders.

Are employees the weak link in the chain? If so, what can be done about it?

Part of the solution is recognizing that tightening up cyber security is more than the responsibility of the IT department. It needs to be a firm-wide issue and approached holistically. The article offers four actions to take – but we would like to add a fifth.

  1. Set up a multi-disciplinary team

Involve technical, legal, compliance, HR and other functions to assess risk and areas of vulnerability. As a team, priorities can be agreed, technical remediation actioned and training programmes rolled out.

  2. Train employees to understand the risk and impact of data breaches

There’s a strong need to build understanding and resilience across the workforce. Training and internal communication form the core of this. Employees must understand how to identify fraudulent behavior – and what to do about it – and to recognize the risks to their own devices.

  3. Manage personal data effectively

Organizations need to prepare data and cyber breach policies which are routinely tested and updated as needed. Access to critical and personal data should be restricted and robust ways to dispose of personal information developed. Data encryption should be implemented where possible.

  4. Develop a culture of trust

A culture of trust is critical. ‘Whistleblowers’ need to feel protected and all employees must understand the action to take should they believe a data breach has occurred or will occur. Security must be regarded as a shared responsibility in which everyone has a role to play to safeguard the organization’s data and ensure security.

We believe that a critical component could be the inclusion of assessments to gauge ‘cyber readiness’. Our fifth action would be to:

  5. Select – and develop – the right talent

Include a set of assessments in your hiring process that identify those with cyber security awareness and who show the behavioral characteristics needed in security-relevant situations. Understand the integrity of candidates - and look for those with higher impulse control and ethical awareness. Check for the key competencies of learnability, curiosity, integrity, and agility, as this will support an understanding of cyber readiness within the organization and show behavioral gaps that need to be addressed.


About the Author

Lena Justenhoven

Lena Justenhoven is the product solutions director within Aon’s Assessment Solutions. A leading organizational psychologist, Lena is an acknowledged expert in the design, implementation and evaluation of innovative and future-proof solutions addressing specific client and market needs. She is a sought-after speaker on such topics.
