Offering cyber protection as a voluntary benefit can make it easier for employees to protect their devices and data from hackers.

Author: Richard A. Egleston


In the U.S., the pandemic and subsequent rapid shift to remote work have intensified challenges IT and HR face to secure systems, protect privacy and help people connect online safety while working. Now, geo-political events such as the Russia-Ukraine war and significant cybersecurity incidents have heightened awareness that we are an increasingly digital and vulnerable workplace — and workforce.

In the last two years, cybercriminals have capitalized on new opportunities1:

  • Loosened security with work-from-home devices
  • Severe software vulnerabilities like Log4j2, that were slow to patch
  • Cyber war spawned by Russia's invasion of Ukraine and organized nation-state crime rings

These threats are driving more costly, higher-impact data breaches and cyber incidents than ever before, and employees often can be at the center of these breaches and incidents. According to IBM, Ponemon Institute and the FTC:

  • The average cost of a data breach is now $4.5 million (compared to $3.5 million last year). It's higher in critical industries, such as utilities and telecommunications, transportation, finance, healthcare and government). It's more than $1 million more costly when remote work is a factor.2
  • In the past 12 months, 45% of U.S. companies suffered a successful cyber attack.3
  • The median cost for an impacted individual was $3,603 per incident5, according to a recent Harris Poll.
  • An employee falling for phishing lures causes 37% of attacks. Phishing is now the costliest cause.1

Given such costly impacts, organizations are proactively finding ways to defend against increased threats, with broader protection of devices and networks to prevent breaches and other costly cybercrime. Yet, an employee's remote workplace and personal devices often remain unprotected, creating a weak link in their IT security posture.

Are security concerns about employees' devices changing?

How much of a security risk are employees' personal devices and digital habits to a business? Employees don't have the same controls on their devices at home as they do in their corporate environment, yet 66% of US employees use personal devices for work.5

Further, executives are 50 times more likely to be a high-valued target because they have the most corporate information and access. Attacks often target personal email accounts and phones, which are less protected. Online personal information helps make impersonation attacks on employees and executives more convincing.

Overall, findings concur that, for most employers, cybersecurity protections are a must-have for their employees and for their families. A current barrier for enhancing their security measures is the cost of protecting all their devices and lack of knowledge.

Image courtesy of Norton Benefit Solutions
Image courtesy of Norton Benefit Solutions

Digital protection as an employee benefit

A recent employer benefit case study looked at a global parts manufacturer with more than 2,500 employees that offered identity and cyber protection as an optional employee benefit at new hire and open enrollment, at a discounted price. Nearly 20% of the workforce opted into the benefit in 2022. The benefit was fully funded for leadership — the group most often targeted for attack — and 100% opted in.

While HR was exploring options, they realized how simple it was to roll out identity theft benefits across their entire workforce as a voluntary or flex benefit at about a 60% discount over retail, at no added cost to the company. This optional benefit offering could reinforce IT's existing cyber safety communications and training.

In addition to adding no cost to the company, employers may also have limited administration responsibility — by offering the benefit on a direct-bill basis, the organization simply has to communicate the benefit, and employees participate individually.

Author Information


1"Cost of a Data Breach Report 2022," IBM, 27 Jul, 2022.

2"Consumer Sentinel by Federal Trade Commission," Tableau Public, updated 20 Jul 2022. Infographic.

3O'Driscoll, Aimee. "30+ Data Breach Statistics and Facts," Comparitech, updated 16 Sept 2022.

4Drapkin, Aaron. "Data Breaches That Have Happened in 2022 So Far,", 22 Sept 2022.

5"October Consumer Cyber Safety Pulse Report," Norton Labs, 19 Oct 2021.

6"Cyber Wellness 2021 — Insights from HR professionals on Identity Theft and Device Security,", 2021. Gated infographic.


Consulting and insurance brokerage services to be provided by Gallagher Benefit Services, Inc. and/or its affiliate Gallagher Benefit Services (Canada) Group Inc. Gallagher Benefit Services, Inc. is a licensed insurance agency that does business in California as "Gallagher Benefit Services of California Insurance Services" and in Massachusetts as "Gallagher Benefit Insurance Services." Neither Arthur J. Gallagher & Co., nor its affiliates provide accounting, legal or tax advice