Cyber risk is now at the forefront of the corporate risk agenda, but cyber risk management strategies are not keeping pace despite an increasingly complex threat environment and escalating financial impact.
A new global survey of more than 1,300 executives, undertaken by Marsh in partnership with Microsoft, examines cyber risk concerns and management strategies by organizations of all sizes in a range of industries worldwide.
Two-thirds of survey respondents ranked cybersecurity as a top five risk management priority, but only 19% expressed high confidence in their organization’s ability to manage and respond to a cyber event, and only 30% have developed a plan to do so.
Other key findings point to a misalignment between cyber risk awareness and approach:
- 70% of respondents named the IT department as a primary owner and decision-maker for cyber risk management, compared to 37% who cited the C-suite and 32% Risk Management.
- 75% identified business interruption as the cyber loss scenario with the greatest potential financial impact, but fewer than 50% actually estimate financial losses – and of those, only 11% measure cyber risk exposure quantitatively.
- One in five organizations does not currently have or plan to purchase cyber insurance, and 25% don’t know their cyber insurance status.