Keeping up with cyber trends is vital for success in any industry, and is specifically prevalent in the insurance sector. Falling behind can lead to large payouts and companies losing money. So how can this be avoided? Well, one way is through understanding and constantly learning about cyber risks. Employees simply checking off a training module isn’t enough – the learning must be a continuous process.
Following the Chartered Insurance Institute’s (CII) research regarding cyber insurance knowledge gaps within firms, Adrian Harvey, CEO at AI provider Elephants Don’t Forget – which supports the employee competency improvement of the UK’s top five general insurers – examines why behavioural science in the field of learning and development can support organisations to embed retention of critical subject matter and develop a positive and evidential culture of cyber resilience.
“With the CII recently highlighting that cyber insurance knowledge gaps could result in misselling and poor customer outcomes; it was concerning to read that almost six out of ten insurance professionals surveyed stated they had not received any training about cyber risks even though they were involved with pricing or underwriting policies related to them.
“On a positive note, with nine out of ten professionals actively stating that they want to learn more about cyber risks through their training, continual professional development is needed to ensure employee knowledge stays ahead of evolving risks.
“However, it is vitally important for firms to remain vigilant about the methodologies they deploy to ensure that their training is continually retained. It is also critical – from both a risk assurance and return on investment point of view – that the evidential outcome of their training actually improves the knowledge of their employees and provides firms with the ability to forecast where their greatest individual people-base risks are and rectify them quickly.”
Harvey contends that the methodologies requested by employees reported in the CII survey to help assimilate cyber awareness training may not provide the continual approach to learning which is needed to improve retention of critical subject matter and individual competency levels.
The CII’s survey noted that, whilst almost all the respondents wanted more training about emerging cyber risks, most of the training methodologies requested were in the form of ‘default’ techniques such as online courses, webinars, self-election e-guides and single point in time assessments.
Instead, Harvey urges firms to consider the shortcomings of these approaches and understand the benefits of applying behavioural science within their learning and development deployment to better support their employees.
Harvey outlined the principles of their technique which is deployed by leading organisations including Allianz, RSA, Direct Line Group, and Aviva; a technique which, in conjunction with Aviva and Aviva Canada, recently secured a cooperative gold award at the Brandon Hall Group Human Capital Management (HCM) Excellence Awards 2021 in the category of Best Advance in Machine Learning and AI.
“It has been theorised that many of the ‘default’ employee training and engagement methodologies can have a negative impact on improving employee competency, disenfranchise employees from engaging and retaining their training, and offer little in the way of evident quality assurance data to firms that their employees can effectively recall how to apply training in everyday practice.
“German psychologist Hermann Ebbinghaus (1850 – 1909) hypothesised that training material is exponentially forgotten from the moment a learner consumes it unless efforts are made to preserve it. His study – now famously characterised by the ‘Forgetting Curve’ – demonstrated the decline of retention over time, concluding that we forget as much as 80 per cent of what we taught within the first 30 days when there is no attempt to retain it.
“The Forgetting Curve supports the notion of one of seven kind of memory failures: transience; the process of forgetting occurring with the passage of time. And, whilst the overall rate of forgetting differs little between individuals, the speed in which individuals forget can be impacted by the difficulty of the material, how meaningful it is, and how the material is provided for assimilation.
“Individual spaced learning, repetition and self-testing have since been cited by psychologists and learning professionals as highly effective learning techniques to increase memory recall. These are the fundamental principles behind our AI platform – Clever Nelly.
“And these principles have long been cited as invaluable to the insurers and financial firms we support to help ensure their employees are knowledgeable and competent in critical subject material that relates to compliance, process, policy, and product. All of which can be difficult for employees to continually assimilate during the process of onboarding and throughout their careers.
“So, instead of methodically and repetitively attending to what employees need to be most effective in their individual role, default training provisions – often characterised by employee engagement surveys, annual refresher training and single point in time competency assessments – run the risk of becoming perfunctory and offer little in the way of proactive indicators of genuine competency-related risks for firms.
“They can also result in a reduction of objective employee engagement, diminished retention of critical-subject matter, and highly erroneous Management Information (MI) that is needed to inform individual performance management conversations and strategic business decisions pertinent to people-based risk in real time.
“And, if you have ever wondered how competent your employees might be, it is of worthy note that we commissioned a three-year study to assess the baseline competency of employees – many of whom work within the financial sector – analysing the responses to over 72 million competency interactions between 2017-19. Our analysis found that the average level of tenured employee competency stood at just 52 per cent”.
With reports suggesting that if global multiline insurers fail to continually stay ahead of cyber trends potential claims may no longer be insurable in extreme scenarios, prevention – through efficient training deployment – is now being championed as a primary way for insurers to become more resilient to market risks.
And, with notable insurers – including Hiscox – leading a renewed charge on highlighting that ‘human error is still by far the biggest vulnerability when it comes to cyber attacks’ and that ‘staff forgetting the basics of their training’ continue to manifest increased cyber risks for insurers, Harvey poses an interesting question regarding the efficacy of traditional training methods for insurers and financial firms to consider.
“Is eLearning, annual refresher training, self-election training guides – supplemented with ad hoc simulation training – enough to really ensure employees are continually cyber secure in terms of their knowledge?
“If the people inside your business are one of your biggest risks, shouldn’t insurers be focusing more on effectively analysing individual employee behavioural decision making in real-time and fixing the knowledge gaps as they appear, rather than simply delivering perfunctory single point in time training or being reliant on employees self-electing to upskill their own knowledge? Simply satisfying training delivery per se – without ensuring competency is achieved and, crucially, maintained – is a sub-optimal strategy to improve subject knowledge.
“Firms need to continually assess individual cyber understanding and, when critical gaps are identified, instantly repair them. It’s about consistency and reinforcement; training at onboarding, six months, and annually cannot provide employees with effective patterns of learning behaviour to retain and apply knowledge, especially as new risks appear.
“Combined this issue with the fact that many employees are being deprived of vital peer-to-peer learning and face-to-face training due to hybrid working practices, and organisations face a significant amount of behavioural employee risk-taking and governance issues if competency is not being proactively maintained, analysed, and improved in critical subject areas.
“Employee centric AI – like Clever Nelly – is supporting insurers to assess individual competency cost-effectively and continually; automatically repairing any gaps or knowledge fade. It takes less than one minute 30 seconds of an employees’ day and engages with employees in the flow of work, with no disruption to BAU.
“So, if employee knowledge gaps are continually manifesting issues, a renewed investment in the way firms ranks competency management not only offers increased protection for them, their brand, their markets, and consumers, but it also has the value addition of generating the greatest return on investment from human capital whilst improving employee engagement with subject training too.”