In a webcast October 7, 2019, cyber risk leaders from Marsh and Microsoft reviewed the key findings of the survey, and offered recommendations for tangible actions to help organizations improve their cyber risk posture.
Other key findings in addition to the concern/confidence gap included:
- Strong dissonance between the view of cyber threats as a strategic risk, and the tactical methods most organizations use to manage them.
- Half of respondents said the benefits of new technologies such as AI, Cloud, IoT, and Blockchain are compelling enough to override any cyber risk concerns – but there is uncertainty about what those risks are. And few companies assess those risks after onboarding new technology.
- Supply chain risk is twice as likely to be perceived as a one-way risk, rather than a shared risk and responsibility. Many organizations are not confident in their ability to prevent or manage 3rd party risk.
- Cyber regulation and industry standards are not viewed as effective in helping organizations manage cyber risk – but there is strong appetite for government help combatting nation-state cyber-attacks.
Panelists offered recommendations to address these issues and implement best practices:
- Build a strong cybersecurity culture with c-suite ownership, prioritization of cyber risk across the organization, and investment of resources in planning, training, insurance, and response rehearsal as well as technology.
- Quantify cyber risk to assess the true cost of a cyber-attack and allocate capital to the largest exposures.
- Make technology risk assessment a continual process throughout the technology life cycle.
- Recognize the shared responsibility for supply chain risk security, and engage in assessment and dialogue with 3rd parties about cyber risk management.
- Stay on top of evolving cyber regulations, and ensure controls and coverages are compliant and responsive to new risks and exposures.
- Use cyber insurance to protect against cyber-related losses.
Hear Tom Reagan, Marsh US Cyber Practice Leader; Kevin Richards, Global Cyber Risk Consulting, Marsh; Sarah Stephens, UK Cyber Practice Leader; and Joram Borenstein, General Manager, Cybersecurity Solutions Group at Microsoft, join Advisen moderator in an engaging hour-long discussion.