To better prepare against attacks, organisations should continually assess their overall cyber risk profile (internal and external), remediate where necessary and proactively manage their defence, according to the CEO of Aon’s Cyber Solutions, J Hogg. Securing an organisation requires security mandates and focus from the Boards and Executives. Too often, cyber risks become a priority only after a cyber incident has occurred.
So as traditional industries, including the “brick-and-mortar” industry, rapidly evolve into digital economies/providers, they face multiple new and unrecognised exposures. Aon’s cyber security experts recommend the following four steps to help organisations deal with cyber risks both internally and externally:
- Identify – cyber risk profiling to help you gain a thorough understanding of your cyber risk exposures and areas of improvement.
- Mitigate – cyber incident readiness assessments to evaluate your response capabilities during a crisis.
- Transfer – bespoke cyber insurance solutions that suit your company’s specific risk profile.
- Select and develop the right talent – assess your organisation’s cyber readiness, including whether it is hiring individuals who have cyber security awareness and who show the behavioural characteristics needed in security-relevant situations.
The fourth step is gaining an increased spotlight for a number of reasons. According to the EU Commissioner for Security Union, ‘95% of attacks involve some human interaction with technology. Building resilience also means changing behaviours to improve cyber hygiene and having the right skills to drive technological innovation to stay ahead of attackers.’
Aon’s Global Culture & Engagement Practice says that one thing we often find in post-mortems around risk events like safety, ethics, or business operations is a culture of passivity or acquiescence around known areas of exposure. Employees have given up because they are not listened to, are punished, or find the systems or processes too difficult to overcome. Disengaged or passive employees look the other way. Highly engaged employees and leaders speak up and initiate change to reduce the exposure.
Aon’s North America Assessment Solutions Practice leader, Ernie Paskey, says: “To fully manage risk, organisations need to account for human behaviour. Who will be diligent? Who is skilled at identifying vulnerabilities? Who will support an organisational culture that embraces sensible risk management? Knowing the workforce’s behavioural tendencies and capabilities gives organisations an advantage in cyber security warfare.”
Unfortunately, selecting, training and retaining key personnel isn’t easy. Organisations globally have identified the failure to attract and retain top talent as one of their top 10 risks. Beginning to fill that gap depends on organisations knowing who can be effective in each role. What makes the difference between winners and losers is the ability to identify, recruit and retain the key talent. Aon’s Talent Assessment team recommend organisations:
- Identify digital talent early in the hiring process with a view to future-proofing your selection decisions.
- Assess your current employees’ digital readiness and help them master skills needed to succeed in the digital world of work. Spot digital talent and create career paths for digital leaders.
- Support your business’s digital transformation by defining the digital personality traits needed to drive your digital journey and understand the process that needs to be changed.
Once the right people are in place, organisations must develop a structure that suits both the talent and the organisation, and then reward people for their accomplishments. Digital transformation often results in a reformulation of what work the organisation needs, how the work gets done, and who does the work, unique to that organisation. This has a significant impact on the way rewards should be structured. It is important to determine how much of the organisation’s rewards approach needs to change. The goal for non-technology companies hiring for new jobs isn’t to imitate technology companies but, rather, to identify the structural attributes that help to attract and retain people who are ‘tech savvy’ or ‘digital natives’. Organisations should look at:
- Reward strategy development/reformulation – this includes re-examining the market for talent, target market positioning, pay mix, to build or buy talent, degree of customisation.
- Job architecture/reward design – organisations should re-examine the work that needs to happen and how that work gets done. This can either be on a focused basis only (e.g. just for tech roles) or on an organisation-wide basis. Common attributes include dual career tracks, greater agility and flexibility to move throughout the organisation, a global levelling structure that also enables mobility, and simplified job structures with broader job families.
- Data/insights – it is increasingly common for non-tech companies to try to compete for talent with technology companies. In order to do so effectively, they need to know more about the pay practices in the technology sector and market. With almost 3,000 tech companies in Aon’s Radford survey, survey participants and Aon consultants are able to leverage every aspect of Aon’s database to provide pay data, program design and talent management insights unmatched by many other firms.
 Aon’s 2019 Global Risk Management Survey