Cyber work diagnostic tool to help foster a cyber-savvy workforce by making people the focus: Willis Towers Watson

Willis Towers Watson (WTW) has launched a new cyber work diagnostic tool designed to help bolster organizational readiness by focusing on talent management, emerging skills and roles, and defining the requirements of cyber work.

The idea is to combat an organization’s cyber risks by considering the people piece of cyber security by recruiting, leading and engaging a more cyber-savvy workforce, suggests a statement this week from the global advisory, broking and solution provider.

The company reports the core elements of the new tool include the following:

• application of a work model that defines the nature of cyber security work and how that work grows within divisions covering cyber work for alignment;
• key and emerging skills required for cyber security readiness and identification of critical talent gaps;
• alternatives for addressing talent deficits; and
• prioritized action plan for addressing talent priorities and career enablement.

A recent WTW survey of global company cyber security functions found “companies can benefit from having a deeper understanding of organizational priorities when recruiting for positions in cyber, as well as understanding alternatives and having a comprehensive view of skills gaps and talent deficits,” the company reports.

How does the tool work? Chief information security officers and cyber security leads with HR take part in a workshop series to assess levels of work and organizational needs across their company, including a complete workforce review and plan to identify talent gaps relative to benchmark, WTW explains.

“The tool then addresses a full spectrum of options and provides actionable recommendations for executives to address cyber work readiness,” the company statement adds.

Noting that cyber security is a constantly evolving threat requiring organizational readiness from an effective structure and skilled talent base, WTW emphasizes that it is “essential for human capital experts to assess organizational culture, employee engagement and identify talent and educational gaps to protect against cyber threats.”

“Organizations must give more focus to the people element of cyber risk, particularly within IT functions where vulnerabilities can exist if the right skills and talent are not managing the day-to-day technology of the organization,” Tracey Malcolm, WTW’s future of work leader, says in the company statement.

“It is essential that companies have more sophisticated talent strategies in place to identify vulnerabilities, boost their resiliency and improve employee ‘cyber IQ’,” Malcolm continues.

Related: 73% of U.S. businesses believe their organizations are highly protected from cyber threats, but “low cyber IQ” remains: Willis Towers Watson

Anthony Dagostino, WTW’s global head of cyber risk, told Canadian Underwriter this spring that considering human risk is key to determining how best to combat data breaches and associated costs.

Related: Investments to fight cyber breaches must include technology, people and risk transfer: WTW cyber head

However, “companies tend to place a heavy emphasis on investing in technology to improve cyber defences, which is crucial, however, often at the expense of human risk,” Dagostino pointed out.

Because human risk “represents the largest source of data breach claims,” he said, “this creates a compelling argument for organizations to take a more strategic approach to how they allocate their capital across the three main buckets: technology, people and risk transfer.”