There is a significant gulf emerging between businesses’ heightened fears over the threat of a cyberattack, and their lack of confidence in being able to manage one should it hit.
More than two thirds of 1,300 senior executives surveyed by Marsh and Microsoft named cybersecurity as among their organisation’s top five risk management priorities – approximately double the response compared to a year ago.
But just 19% of respondents said they are highly confident in their organisation’s ability to mitigate and respond to a cyberattack, and only 30% said they have developed a plan to respond to such incidents.
Marsh’s president of global risk and digital called cyber-risk an “escalating management priority” due in part to the developing use of technology in business. Organisations need to adopt a more comprehensive approach to cyber resilience, “which engages the full executive team and spans risk prevention, response, mitigation and transfer,” he added.
So how can organisations begin to close the gap between awareness and preparedness?
“Recognition and realisation of the impact of these breaches and attacks is becoming more widescale, and there’s been an increased focus on security of information with new regulations that are coming into effect shortly,” Shannan Fort, cyber expert at Aon Risk Solutions told Insurance Business.
Last month, the firm revealed its cybersecurity predictions for the year, stating that it anticipates “heightened cyber exposure” due to several key trends.
Among them is companies’ increasing reliance on technology, which is leaving them exposed to a wide range of cyber-related risks – including the potential of ‘insider risks’ which Aon said, “plagues organisations,” adding that many underestimate their severe vulnerability and liability.
The overall heightened exposure of businesses will require an integrated cybersecurity approach to both business culture and risk management frameworks, Jason J. Hogg, CEO of Aon Cyber Solutions said.
“Leaders must adopt a coordinated, C-suite driven approach to cyber risk management, enabling them to better assess and mitigate risk across all enterprise functions,” he commented.
According to Marsh and Microsoft’s latest research, an important step for businesses to take toward cyber resilience is through risk quantification.
Fewer than 50% of respondents said their organisation estimates financial losses from a potential cyberattack and, of those that do, only 11% make their estimates in economic terms, it found.
“Such calculations are a key step in helping boards and others develop strategic plans and investment decisions, including those related to cyber insurance purchase,” the report said.
Source: InsuranceBusiness UK