Assessing the Financial Impact of a Cyber Loss

Posted by Peter Johnson 22 September 2016

UK companies are increasingly waking up to the threat cyber poses, but there is still some way to go before the risks are fully understood by the majority of companies.

According to Marsh’s UK Cyber Risk Survey Report 2016, despite a 56% rise in boardroom ownership of cyber risk, the majority (64.6%) of UK firms are still failing to conduct an assessment of, or estimate, the financial impact of a cyber-attack.

This increase in boardroom ownership has likely been fuelled by a number of high-profile cases hitting the media headlines over the past year. But work still needs to be done, as only one quarter of those we surveyed said they had a complete understanding of the risk, and just 35.4% had assessed or estimated the financial impact of an attack.

To understand the full impact a cyber event could have, your firm should give careful consideration to the following:

  • Boardrooms should be taking greater responsibility for cyber risk. Boardroom ownership has risen over the past 12 months; however, our survey found that IT departments remain responsible for the review and management of cyber risk in the majority (55%) of organisations. Further improvement of boardroom ownership of cyber could lead to a greater overall understanding of the risk, and boardrooms should be using this ownership to conduct more thorough financial assessments of it.
  • Understand how cyber risk affects not only your company but also your supply chains. Just 26% of respondents to our survey believed their organisations’ supply chains are assessed for cyber risks, exposing them to third-party risks and increasing the potential for systemic risk. Your company should make sure these exposures are fully understood to avoid unexpected, and possibly severe, losses.
  • Consider insurance cover for cyber risks. Our survey also found that insurance for cyber risks is increasingly being considered by UK organisations, with 29% now having purchased cover, and an additional 26% considering cover. Standard cyber insurance policies typically cover both breach of customer information and business interruption, issues about which survey respondents expressed the greatest concern.

Greater high-level ownership of risk, a more thorough understanding of vulnerabilities, and further consideration of risk transfer should build on the progress that has already been made towards a more complete understanding of cyber risk.

To find out how your company’s attitude and understanding compares to those surveyed, read our UK Cyber Risk Survey Report 2016.

Peter Johnson