The High Risk of a Low Cyber IQ

Hilary Tuttle


August 1, 2017

cyber IQ employee cyber risk

Every organization’s biggest cyberrisk is its employees—and even employees agree. In Willis Towers Watson’s recent Cyber Pulse Survey, 61% of employees ranked “insufficient understanding” as their organization’s biggest barrier to effectively managing cyberrisk.

While two-thirds of firms believe they have the right processes in place to react to privacy and security threats, they continue to dedicate inadequate resources to managing the risk of low “cyber IQ.” Less than half (46%) of employees reported spending 30 minutes or less on cybersecurity training in 2016, and 27% received none at all. Of the employees who completed some form of cyber education, 62% said they “only completed the training because it was required,” and even after such education, 44% believe that “opening any email on their work computer is safe.”

Many employers do appear to recognize that inadequate training is an ongoing issue, however, as only 40% of those surveyed believed the organization had made progress addressing cyberrisks tied to human behaviors over the past three years.

Hilary Tuttle is managing editor of Risk Management.