Cyber Risk Management Not Keeping Up with Rising Cybersecurity Concerns: Marsh, Microsft Survey
London, UK | Dienstag, 20 Februar 2018
Few organisations are highly confident in their ability to manage the risk of a cyber-attack, despite viewing cybersecurity as a top risk management priority, according to a new global survey conducted by Marsh, a global leader in insurance broking and innovative risk management solutions, and Microsoft Corp., the leading platform and productivity company for the mobile-first, cloud-first world.
In the global survey of more than 1,300 senior executives, two-thirds ranked cybersecurity among their organisations’ top five risk management priorities – approximately double the response to a similar question Marsh asked in 2016. The survey also found that a vast majority – 75% – identified business interruption as the cyber loss scenario with the greatest potential to impact their organisation. This compares to 55% who cited breach of customer information, which has historically been the focus for organisations.
Despite this growing awareness and rising concern, only 19% of respondents said they are highly confident in their organisation’s ability to mitigate and respond to a cyber event. Moreover, only 30% said they have developed a plan to respond to cyber-attacks.
“Cyber risk is an escalating management priority as the use of technology in business increases and the threat environment gets more complex”, said John Drzik, president Global Risk and Digital, Marsh. “It’s time for organisations to adopt a more comprehensive approach to cyber resilience, which engages the full executive team and spans risk prevention, response, mitigation and transfer.”
An important step toward this goal is risk quantification. According to the survey, fewer than 50% of respondents said their organisation estimates financial losses from a potential cyber event and, of those that do, only 11% make their estimates in economic terms. Such calculations are a key step in helping boards and others develop strategic plans and investment decisions, including those related to cyber insurance purchase, the report notes.
At the same time, responsibility for cyber risk management continues to lie primarily with the information technology (IT) department, with inconsistent involvement of other stakeholders across the enterprise. According to the survey, 70% of respondents pointed to IT as a primary owner and decision-maker for cyber risk management, compared to just 37% who cited the president/CEO or the board of directors, and 32% who cited the risk management function.
“While technology is the foundation of any good cybersecurity strategy, companies can benefit from investing in non-technology solutions like risk management as part of a holistic approach,” said Matt Penarczyk, vice president and deputy general counsel, Microsoft. “Through advanced technology, tools and training, for example, companies can better protect the data in their networks and be ready for the business interruptions and reputational risks associated with cyberattacks.”
Marsh ist der weltweit führende Industrieversicherungsmakler und Risikoberater. Unsere rund 35.000 Mitarbeiter helfen mittelständischen Unternehmen und Konzernen aller Branchen in mehr als 130 Ländern mit innovativen Absicherungslösungen und Beratungsleistungen ihre Risiken erfolgreich zu managen. Für die Marsh GmbH sind in Deutschland über 700 Mitarbeiter an den Standorten Baden-Baden, Berlin, Detmold, Düsseldorf, Frankfurt, Hamburg, Leipzig, München, Saarbrücken, Stuttgart und Ulm tätig.
Marsh ist Teil der Marsh & McLennan Companies (NYSE: MMC), einem weltweit führenden Beratungsunternehmen in den Bereichen Risiko, Strategie und Personal. Marsh & McLennan Companies hat einen Jahresumsatz von fast 17 Mrd. US-Dollar und beschäftigt rund 76.000 Mitarbeiter. Die vier Tochterunternehmen von MMC – Marsh, Guy Carpenter, Mercer und Oliver Wyman – unterstützen Kunden dabei, sich sicher in einem stetig dynamischer und komplexer werdenden Umfeld zu bewegen. Folgen Sie Marsh auf Twitter @MarshGlobal oder auf LinkedIn, Facebook und YouTube oder abonnieren Sie unseren Nachrichtenservice BRINK.