Cyber Risk Remains Misunderstood Despite Growing Concern Among Risk Managers

Despite mounting concerns about cyber risk and the potential financial and reputational consequences of information security breaches, leading organisations across Europe are failing to integrate cyber threats fully into their risk management strategies, according to research by Marsh and Chubb Insurance.

Risk managers are considerably more concerned about the perceived threat of cyber risks to their organisations than 12 months ago. In a survey conducted at a Marsh’s recent annual communications, media and technology (CMT) conference, 69% of the CMT, financial services, insurance and law delegates questioned said that their concern about cyber risk has increased over the previous 12 months.

Although the perceived threat of cyber risk is on the rise, Marsh and Chubb Insurance’s research suggests that awareness and understanding of cyber risk among the insurance and risk management community remains low:

  • Over half (54%) of respondents did not know whether their organisation had been subjected to a cyber attack in the last 12 months;
  • Only 41% said that their organisation had estimated the financial impact of a cyber attack; yet one-quarter felt that a cyber attack could cost their organisations in excess of US$5m.

Fredrik Motzfeldt, CMT practice leader for Europe, Middle East and Africa (EMEA) at Marsh, said: “Risk managers are right to be concerned about cyber risk. These threats will become considerably more acute for organisations as a result of our growing dependence on technology and web-based solutions such as cloud computing.

“Despite these concerns, risk managers continue to have a minority stake in the management of cyber risk. Our research found that 33% of respondents believed that the IT department was responsible for cyber risk management in their organisations, compared to only 13% who thought it was a matter for the risk management function. Cyber risks pose too great a risk to the continued success of organisations to be misunderstood. Closer alignment to the risk management function is a vital first step to countering this threat and ensuring that a risk based approach to IT investments is adopted,” added Motzfeldt.

Only 21% of respondents to the survey stated that their organisation currently purchased cyber insurance cover. Additionally, the research found that only 11% of respondents felt confident that their current cyber insurance provision meets their organisational needs, raising questions about the insurance industry’s ability to respond to cyber threats.


Related reading