WTW Launches Suite of Cyber Assessments to Help Clients Better Manage Risk

Source: Willis Towers Watson | Published on January 13, 2021

Cyberattacks pose risk to creditworthiness

Willis Towers Watson, a leading global advisory, broking and solutions company, has introduced two new cyber risk assessment services in direct response to the findings from its recent cyber claims insights report.

The report found that:

  • Human error (people risk) was the single biggest root cause of global cyber incidents/claims; and
  • Ransomware (and the subsequent business interruption) is the most significant risk when considering first-party losses, or in other words, the direct financial costs to businesses.

Introducing the new solutions, Dean Chapman, Lead Cyber Risk Consultant, Willis Towers Watson, said, “The cyber claims insight report has been instrumental in supporting our development of a data-driven, client-focused suite of cyber risk assessment services. Aligned to our existing cyber insurance and risk transfer capabilities, the new Workforce Cyber Culture Assessment (WCCA) and Ransomware Risk Assessment (RRA) services demonstrate our commitment to supporting clients with tailored solutions to effectively manage risk in a challenging and fast-evolving cyber threat environment.”

The Workforce Cyber Culture Assessment (WCCA) is an innovative cyber risk methodology specifically designed to assess people risk and the impact of business culture in a cyber context. It can highlight any perceived ‘high risk’ attitudes and behaviours towards cyber risk within the workforce, covering areas such as the current working environment and workplace pressures (a critical area in the current economic climate), and it assesses the key factors affecting the likelihood and impact of people-related cyber security incidents. It enables Willis Towers Watson to provide clients with focused and concise recommendations for risk reduction, as well as a tailored roadmap to support the achievement of a resilient cyber security strategy with measurable and actionable metrics.

The Ransomware Risk Assessment (RRA) is a custom assessment framework, available for both Information Technology and Operational Technology environments, that focuses on one of the most severe cyber threats facing organisations globally. The assessment moves beyond technology controls alone and examines the entirety of a client’s ransomware threat surface across several key risk areas. The RRA provides clients with a unique, tailored ‘snapshot’ of their ransomware risk posture, together with a practical and concise improvement plan designed to assist with the timely remediation of identified security gaps, exposures or vulnerabilities. The delivery process consists of three simple phases, ensuring Willis Towers Watson can provide a complete RRA in as little as 3 weeks from start to finish.

Chapman added, “The business impacts associated with people-related security incidents and ransomware attacks are well documented, and both have the potential to be catastrophic from a number of organisational standpoints, including operational, financial and reputational impacts. Whilst the two are intrinsically linked, for example a ransomware attack is often initiated via a breach of the ‘human’, they require slightly different approaches to risk identification, assessment and management. Targeting humans is quicker, easier and comes with much higher success rates – cyber criminals only need to get lucky once. For this reason, we have developed these services to assist our clients in focusing their security efforts on addressing two of the most critical cyber risks to businesses today.”

The Cyber Risk Solutions (CRS) team at Willis Towers Watson offers tailored and flexible risk consulting services that support insurance goals, align cyber risk management with business objectives and deliver cost-effective cyber risk resilience. The CRS team can design solutions to meet client needs across a wide range of cyber risk areas, including Cyber Risk Assessment and Quantification, Incident Response and Business Continuity Planning, Operational Risk Analysis, Governance and Policy development.