Cybersecurity High on Executives’ Lists; Relatively Few Have Plan to Address It

February 15, 2018

Most executives now see cybersecurity as a major risk management priority, but relatively few have a plan in place to address it or are confident their companies can deal with the problem.

The findings are part of a new global survey by Marsh and Microsoft of more than 1,300 executives looking at cyber risk concerns and management strategies in 26 different industry sectors. Survey results underscore the challenge that carriers face in communicating to potential clients why some sort of coverage addressing cyber risks matters.

Two-thirds of survey respondents (about 56 percent) ranked cybersecurity as a top five risk management priority. At the same time, just 30 percent said they’ve developed a plan to respond to a cyber event, and a mere 19 percent said they were highly confident their company could manage and respond to a cyber event.

John Drzik, president of Global Risk and Digital for Marsh, said that executives are making management of cyber risk an increasing priority as the use of technology in daily operations increases. Because of that trend, Drzik said businesses must eliminate the disconnect between awareness of the risk and wide-ranging action.

“It’s time for organizations to adopt a more comprehensive approach to cyber resilience, which engages the full executive team and spans risk prevention, response, mitigation and transfer,” he said.

Marsh/Microsoft said that organizations planning for cyber risk should engage both top executives and their boards. Economic modeling to quantify cyber risk and a risk management plan including prevention, mitigation, transfer and response planning are also necessary things in the current environment, they said.

Business Interruption Among Biggest Corporate Cyber Fears

Other major findings from the survey:

Companies Don’t All See Need for Cyber Attack Response Plan

Of organizations with high confidence in their cyber risk management strategy:

The full Marsh/Microsoft report is called “By the Numbers: Global Cyber Risk Perception Survey.” Participating companies included small and medium-sized businesses, startups and large companies. Executives who responded included CEOs, CFOs, chief technology officers, chief risk officers, corporate directors and others.

Source: Marsh/Microsoft