When you think about "workplace safety," what comes to mind? For most of us, it's probably hard hats, non-slip mats, and maybe those bright yellow "wet floor" signs. We’re conditioned to think about the physical stuff—the things we can see and touch.
But what if I told you the biggest risks to your people, the ones that keep thousands of HR and risk managers up at night, are completely invisible?
A huge survey by the folks at Marsh just dropped, and the results are pretty eye-opening. They asked a ton of human resources and risk professionals what they saw as the number one risk to an organization's people. It wasn't workplace accidents. It wasn't burnout (though that’s a big one, too).
Nope. The top risk was a lack of cyber threat literacy. Right behind it? The massive disruption coming from Artificial Intelligence. Let's talk about what this actually means for you and your business, because it's a much bigger deal than it sounds.
That One "Oops" Click: Why Cyber Smarts Are the New Workplace Safety
Honestly, I wasn't surprised to see this at the top of the list. For years, we in the insurance world have seen the aftermath. A company gets hit with a ransomware attack, and everyone immediately pictures a shadowy hacker in a hoodie, furiously typing code in a dark room.
The reality is usually a lot less dramatic.
More often than not, the "hack" started with a simple, preventable human error. It was an employee who, in the middle of a busy Tuesday, clicked on a link in a phishing email that looked just like a message from UPS. Or someone who used the same simple password for everything and got their credentials stolen.
Human error is consistently one of the leading causes of cyber losses. It’s not because your people are careless or have bad intentions. It’s because they’re human. They're juggling a dozen tasks, their inboxes are overflowing, and the bad guys have gotten incredibly good at crafting scams that look legit.
Think of it like this: you can install the most advanced, expensive security system in your building, with laser grids and pressure plates. But if someone on your team unknowingly holds the door open for a thief who's disguised as a pizza delivery guy, all that technology is useless.
That’s what’s happening every single day in the digital world. Your firewall and antivirus software are the high-tech security system, but a well-crafted phishing email is the thief in disguise. And if your team isn't trained to spot him, they're going to hold the door open.
This is where cyber insurance comes in, of course. A good policy is your financial safety net for when things go wrong. But the goal should always be to avoid needing that net in the first place. And that starts with turning your biggest vulnerability—human error—into your first line of defense.
And Now, For Something Completely Different: The AI Elephant in the Room
So, just as we’re getting our heads around the cyber literacy problem, a new challenge walks in the door. And it’s a big one: AI.
When we talk about AI as a "risk to people," it's not just about the sci-fi scenario of robots taking over everyone's jobs. The disruption is much more immediate and nuanced than that.
The Skills Gap on Steroids
First, there's the massive skills gap AI is creating. Jobs are changing at lightning speed. The skills that made someone a star employee five years ago might be on their way to becoming obsolete. This puts incredible pressure on your team to adapt and on you to provide the right training.
If you don't manage this transition well, you risk disengagement, lower productivity, and losing great people who feel like they're being left behind.
New Avenues for Scammers
Remember that phishing problem we just talked about? AI is about to pour gasoline on that fire. Scammers can now use AI to create incredibly personalized, error-free phishing emails at a massive scale. They can even use "deepfake" technology to clone a CEO's voice and leave a voicemail for an employee in finance, asking for an urgent wire transfer.
It sounds like something out of a movie, but it's happening right now. If your team is already struggling to spot basic scams, how will they handle AI-powered ones?
The Insurance Question
From an insurance and risk management perspective, AI opens up a whole new can of worms. If you have to restructure your workforce because of AI, are you prepared for the potential fallout? This could trigger claims on your Employment Practices Liability Insurance (EPLI) if not handled carefully.
We’re entering a period where we need to be constantly asking, "What new risks does this technology create, and do our current insurance policies even address them?"
So, What Are We Supposed to Do?
Okay, that all sounds a bit doom-and-gloom, I know. But it's not hopeless. The key is to shift our focus from just technology and policies to the people at the center of it all.
Here are a few practical things you can start thinking about:
- Make Cyber Training Engaging (Seriously). The once-a-year, hour-long PowerPoint on cybersecurity is dead. It doesn’t work. Instead, think about continuous, bite-sized training. Run simulated phishing campaigns to give people real-world practice in a safe environment. And please, create a culture where someone can raise their hand and say, "I think I clicked on something bad," without fear of being shamed or fired.
- Treat Learning as a Core Business Function. Reskilling and upskilling your team for an AI-driven world isn't a "nice-to-have" from HR anymore. It's a fundamental business strategy. Start open conversations about how roles will evolve and invest in training that gives your people the skills they'll need for the future.
- Talk to Your Insurance Broker. Now is the time to have a serious chat with your insurance professional. Dust off your Cyber and EPLI policies. Ask them tough questions about AI-related scenarios. Make sure you understand what you're covered for and, more importantly, what you're not.
At the end of the day, protecting your organization comes down to supporting your people. The threats have changed. They’ve moved from the factory floor to the email inbox. Our approach to safety and risk management has to change with them. It’s not just about compliance checklists anymore; it's about building a resilient, aware, and well-supported team that can navigate the challenges of today and tomorrow.
