More than 80 percent of executive and non-executive directors of captive companies said a ranking of cyber-related risks by risk managers was too low.
When Aon Risk Solutions published its 2013 Global Risk Management Survey it noticed some of the results from more than 1,400 respondents in 70 countries were surprising.
For instance, said Aon, cyber risks (computer crime/hacking/viruses/malicious codes) ranked No. 18 among the top 50 risks put together according to the survey results.
When Aon Risk Solutions, for the first time, turned to captive directors to get an additional view of risk “to double check [the GRMS findings] and to get a more holistic view” of the perception of risk.
Captive directors had a different take on the GRMS results.
When asked if the GRMS underrated cyber risks, 83 percent answered either “severely” or “perhaps underrated.” Twenty-five percent answered severely.
“We completely agree with the view of the respondents that this risk continues to be hugely underestimated,” Aon added. “The legal exposure, reputational harm and business interruptions that may result can wreak havoc on a company’s bottom line.”
Interestingly, the GRMS separately ranked those risks. Damage to a company’s reputation ranked fourth and business interruption ranked seventh. Both can obviously be affected by a cyber breach.
Aon Risk Solutions asked captive directors if they thought risks were becoming more interdependent. Nearly 90 percent answered, “Yes, absolutely.”
“The interdependency between risks shows that organizations can no longer evaluate risk in isolation but must consider their interconnections,” Aon said. “Failure to do so could result in underestimating the impact of risks and misdirect a company’s risk management priorities.”