Cybercrime and the human factor

Whether or not your company will be targeted by hackers is no longer a question; it’s a certainty. The real question is how it will be targeted – and how often. A 2017 study on cybersecurity by PwC found that, on average, IT security incidents increased by 57% per year for companies in recent years. It is worth noting, however, that this number only accounts for known cyberattacks. The actual figure could be significantly higher.

The challenge: the human aspect of cybersecurity
What is the MO (method of operation) of internet criminals? Where are the IT security weak points at small and large companies? The answer is simple: people are the biggest risk. People are apt to make mistakes, be careless or lazy, and in the worst cases they can be gullible. It is important to acknowledge these human faults when it comes to IT security. People often fail to critically investigate e-mail attachments, links and downloads before they take the next step. More than 90% of cybercrimes are made possible by such cases of human error.

But we must not forget: People can learn, and people can get motivated. It's this aspect of human behavior that the ING Digital Trust team wants to build on.

The Digital Trust team is developing an application to sensitize and train employees on cybersecurity issues. It is designed to help companies better manage digital security threats.

The new application, dubbed "Wyse, draws on ING’s wide-reaching expertise in the area of currency transactions. Wyse uses a game-like approach to support successful learning and facilitate deeper user engagement, so that employees make better decisions online.

ING's Innovation Accelerator is supporting the ongoing development of the application through partnerships with numerous Internet Security Officers at international companies along with the cybersecurity experts and scientists at the Centre for Behaviour Change and TNO at University College London.


Fun, interactive exercises strengthen employee awareness of the threats of working in a globalized world, and highly-individualized content is personally tailored for each user. The method can deliver quick and measurable changes to employee behavior in the area of cybersecurity.