Staff a potential weak link in cyber defences: RIMS

Employee training and periodic testing of cyber-security protocols are as important as the latest security software, according to a new Risk and Insurance Management Society (RIMS) report.

It says employee carelessness can bypass even the most secure firewall.

The report follows last week’s Petya ransomware outbreak, which spread globally with unprecedented speed. Early reports attributed infections to users clicking a malicious attachment; later analysis traced the initial infections to a compromised software update, after which the malware spread across internal networks without any user action.

Businesses should remind employees about emails from unfamiliar sources and should review outgoing emails, particularly those containing large amounts of employee data, RIMS says.

“It is very common for criminals to use the name of a senior executive, with an email address very similar to a company’s URL, to request wire transfer of funds or employee data that can be easily overlooked by an employee.”
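The impersonation pattern described in the quote above, an executive’s display name on a look-alike sender domain, can be screened for mechanically before a message reaches the inbox. The following is an added example, not code from the RIMS report: it scores inbound From: headers against an assumed organisation domain (example-corp.com) and an assumed list of executive names. Both the domain, the names and the sample headers are constructed for the example.

```python
"""Flag From: headers that pair an executive's name with a look-alike domain.

Added example; not from the RIMS report. OUR_DOMAIN, EXECUTIVES and the
sample headers are constructed for illustration.
"""
from email.utils import parseaddr

OUR_DOMAIN = "example-corp.com"          # assumed: the organisation's real domain
EXECUTIVES = {"jane doe", "raj patel"}   # assumed: display names attackers are likely to copy

# Common substitutions used to build visually similar domains.
_HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def normalize(domain):
    """Fold look-alike characters so 'examp1e-c0rp.com' compares equal to the real domain."""
    return domain.lower().translate(_HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance via the usual dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(domain):
    """Return 'internal', 'lookalike' or 'external' for a sender domain."""
    d = domain.lower()
    if d == OUR_DOMAIN or d.endswith("." + OUR_DOMAIN):
        return "internal"                      # our domain or a genuine subdomain of it
    ours = normalize(OUR_DOMAIN)
    n = normalize(d)
    label = OUR_DOMAIN.split(".")[0]           # 'example-corp'
    # Exact match after folding, a couple of typos away, or our name embedded
    # in a longer domain (example-corp-payments.com, example-corp.com.evil.net).
    if n == ours or edit_distance(n, ours) <= 2 or label in n:
        return "lookalike"
    return "external"


def triage(from_header):
    """Score a single From: header. Returns (level, reason)."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2]
    verdict = classify_domain(domain)
    exec_name = name.strip().lower() in EXECUTIVES
    if verdict == "lookalike" and exec_name:
        return ("high", f"executive display name '{name}' on look-alike domain {domain}")
    if verdict == "lookalike":
        return ("high", f"look-alike domain {domain}")
    if verdict == "external" and exec_name:
        return ("medium", f"executive display name '{name}' on external domain {domain}")
    return ("low", f"{verdict} sender {domain}")


SAMPLE_HEADERS = [  # constructed for this example
    "Jane Doe <jane.doe@example-corp.com>",
    "Jane Doe <jane.doe@examp1e-corp.com>",
    "Jane Doe <jane.doe@example-corp.co>",
    "Raj Patel <r.patel@example-corp-payments.com>",
    "Jane Doe <ceo.jane.doe@webmail.example.net>",
    "Vendor News <news@vendor.example.net>",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        level, reason = triage(header)
        print(f"{level:<6} {reason}")
```

The substring rule deliberately errs on the side of flagging: a legitimate partner using a domain that embeds the organisation’s name will score “high” and needs an allow-list entry. Display-name matching is also only a weak signal on its own, which is why an executive name on an ordinary external domain is rated “medium” rather than “high”.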

About one in 131 emails is believed to contain malware, and about 400 businesses are targeted daily, with the average cost of a breach in the US estimated at $US7 million ($9.1 million).

The report highlights the important role risk professionals must play in facilitating strong partnerships between IT, legal, risk management and public relations.

Teri Cotton Santos, Senior VP, Chief Compliance and Risk Officer at The Warranty Group, says preparation is the key to successfully navigating an incident.

“Risk professionals are in a unique position and are often called upon to foster collaboration between business area leaders,” she says. “As cyber concerns continue to mount, greater expectations will be placed on practitioners and the invaluable role they must play to manage this evolving risk.”

The report – called Cyber Protection: What to do Before and After a Cyber Incident – also flags the importance of cyber insurance, IT disaster recovery plans and organisation-wide crisis management plans.