Newsletter


20 February 2018Analysis

Few firms prepared for rising cybersecurity concerns, says Marsh and Microsoft survey


Although cybersecurity is seen as a top risk management priority, few organisations are confident in their ability to manage the risk of a cyber attack, according to survey conducted by Marsh and Microsoft.

More than 1,300 senior executives responded, and two-thirds ranked  cybersecurity among their organisations’ top five risk management priorities – approximately double the response to a similar question asked in 2016.

The survey conducted by Marsh and Microsoft also found that a vast majority – 75 percent – identified business interruption as the cyber loss scenario with the greatest potential to impact their organisation. This compares to 55 percent who cited breach of customer information, which has historically been the focus for organisations.

At the same time, only 19 percent of respondents said they are highly confident in their organization’s ability to mitigate and respond to a cyber event. Moreover, only 30 percent said they have developed a plan to respond to cyber-attacks.

“Cyber risk is an escalating management priority as the use of technology in business increases and the threat environment gets more complex,” said John Drzik, president, global risk and digital, Marsh. “It’s time for organizations to adopt a more comprehensive approach to cyber resilience, which engages the full executive team and spans risk prevention, response, mitigation and transfer.”

According to the survey, fewer than 50 percent of respondents said their organization estimates financial losses from a potential cyber event and, of those that do, only 11 percent make their estimates in economic terms. Such calculations are a key step in helping boards and others develop strategic plans and investment decisions, including those related to cyber insurance purchase, the report notes.

At the same time, responsibility for cyber risk management continues to lie primarily with the information technology (IT) department, with inconsistent involvement of other stakeholders across the enterprise. According to the survey, 70 percent of respondents pointed to IT as a primary owner and decision-maker for cyber risk management, compared to just 37 percent who cited the president/CEO or the board of directors, and 32 percent who cited the risk management function.

“While technology is the foundation of any good cybersecurity strategy, companies can benefit from investing in non-technology solutions like risk management as part of a holistic approach,” said Matt Penarczyk, deputy general counsel, Microsoft. “Through advanced technology, tools and training, for example, companies can better protect the data in their networks and be ready for the business interruptions and reputational risks associated with cyberattacks.”



Editor's picks

news
Influential Women in Captive Insurance launched!
16 July 2024

Editor's picks

news
Influential Women in Captive Insurance launched!
16 July 2024   Captive International is celebrating 50 unique and influential female executives.
news
New York captive created to help tenants
10 July 2024
news
Beryl continues rampage in Caribbean
3 July 2024
news
EIOPA issues captive supervision Opinion
3 July 2024
news
Guy Carpenter: global headwinds impact risk appetites
1 July 2024
news
Captive International parent completes strategic acquisition of Captive Review
25 June 2024

Related content

QBE flags benefits of captives in healthcare strategies
Committed to the captives sector
Captives and investments portfolios: separating myth from reality
Revolutionising risk transfer: the emergence of 144A cat bonds in captive
20 years on: evolving in tandem
A strong sense of purpose
Captive change and evolution
Celebrating 20 years of growth