Dive Brief:

• Apart from the potential loss of valuable customer or company data, employers suffering a data breach from "non-hacking" issues such as compromised laptops and phishing email scams may also have a morale problem, according to a new analysis from Willis Towers Watson
• The main finding in the analysis is that employers who experience data breaches are judged by their employees as having a poor learning culture, among other negatives.
• Willis Towers Watson analyzed employee survey results across its database, grabbing opinions from over 450,000 employees corresponding to when significant data breaches were identified within their companies. It then benchmarked those results against global high-performance companies and global information technology (IT) staff.

Dive Insight:

Published in a client alert titled “Inside Threat: Why Employee Behavior and Opinions Impact Cyber-Risk,” the study provides a snapshot of employee opinions within firms that have experienced cyber-breaches. Study authors suggest that an emphasis on workforce culture may be the first line of defense against cyber risk.

Compared to the high-performance group, employees at data breach companies report significantly lower scores in three areas of workforce culture: training, company image and customer focus.

Patrick Kulesa, global research director, Willis Towers Watson’s Research and Innovation Center, said that the data is significant because it offers "an inside view" of workforce culture, and for the first time uncovers the vulnerabilities within companies experiencing cyber-breaches based on their employees.

Adeola Adele, of Willis Towers Watson’s FINEX North America practice, said that to more effectively manage cyber-risk, employers need to better understand how the various elements of their workforce culture shape their employees’ behavior and, ultimately, either reduce or drive their exposure to cyber-risk.