Two-thirds of cyber breaches arise from employees' negligence or malicious acts, new claims data from Willis Towers Watson shows.
Using its newly launched Cyber Risk Culture Survey solution, the company found 18% of cyber risks were driven by an external threat, while cyber extortion accounted for just 2%.
The asset consultant and advisory business warns that many organisations continue to focus on the technology aspect of cyber defence, which is crucial, but often at the expense of people-related risks, which represent the largest source of data breach claims.
The survey addresses employers' cyber risk in relation to their human capital and workplace culture by tracking things such as risk inherent in employees' behaviours, how to mitigate this factor and build a cyber smart workforce.
Willis Towers Watson financial and executive risks specialist Tanya Stevenson said cyber risk is one of the top-rated business risks faced by Australian companies.
"Companies are increasingly looking to purchase cyber insurance as a risk transfer solution. Those that are best able to articulate their cyber risk culture and their management of cyber risks, beyond their IT departments, are unsurprisingly in the strongest position for negotiations of cyber insurance quotations and coverage," she said.
Asia-Pacific head of talent and rewards Hamish Deery said the data clearly shows companies that have experienced cyber breaches have a different cultural profile.
"Their employees' experience includes a relatively poor induction when joining the company. Especially in IT, this is a serious source of risk if new staff is not effectively trained to manage cyber risk," he said.