Just 18 percent of UK businesses feel they have a “complete understanding” of cyber risk, a drop from 34 percent last year, according to Marsh UK’s annual Cyber Risk Survey Report. The results from risk managers and CFOs at large and mid-sized firms suggest that businesses have far to go in cybersecurity awareness.
“This comes at a time when cyber risk is being elevated as a board agenda item, suggesting that executive-level interrogation has exposed a preexisting overconfidence in the level of knowledge and understanding within certain organizations,” stated Marsh in the report. “If this is the case, then it is clear those tasked with creating and delivering critical management information relating to cyber risk need more help and guidance to get them to a position where the level of management information is adequate.”
The survey also revealed that less than a third (31.9 percent) of respondents have identified and analyzed scenarios that could affect their organizations. Directors have also not fully embraced cyber risk as a board-level concern – only 19.4 percent feel they have – and most firms consider cyber to be the responsibility of the IT department.
“IT departments might know how to implement cybersecurity; however, the inability of IT to drive value for the organization or the potential for significant damage to be caused as a result of a security breach, most certainly is a business risk — the consequences of which will be felt at the highest levels of the organization should it occur,” noted Marsh.
Marsh commented that most UK businesses do not appear to understand the financial impact that a security breach could have on their organizations, increasing the difficulty in transferring the risk. In addition, just 11.1 percent buy insurance for cyber risk and 47.2 percent of respondents said they have no plans to buy cyber coverage.
Highlighting an area of growing concern within the cyber risk sphere, Marsh found that businesses aren’t paying proper attention to cyber risks within their supply chains.
“It is both a surprise and a huge concern that more than two thirds (69.4 percent) of respondents to this year’s survey do not assess the suppliers and/or customers they trade with for cyber risk,” stated Marsh.