9 June 2022Reinsurance

New cyber survey highlights trends & concerns

The toll of almost three years of unrelenting workplace disruption, digital transformation, and ransomware attacks means most leaders are no more confident in their ability to manage cyber risk than they were two years ago, according to the 2022 Marsh and Microsoft cyber risk survey.

The survey is the third such collaboration the two companies have undertaken in the past four years.

The survey identifies eight key cyber risk trends that include the need for cyber-specific enterprise-wide goals, the increasing risks from ransomware, the importance of insurance in cyber risk management, the need for cybersecurity controls, why it is important to measure cyber risks in financial terms, increasing investment in cyber risk management, increasing the monitoring of new technologies and finally not overlooking vendor/supply chains.

According to the survey one thing holding back confidence is that most companies have not adopted an enterprise-wide approach to cyber risk; one that at its core is about broad-based communication and fosters collaboration and alignment between stakeholders during key decision–making moments of truth on their cyber resilience journey.

For example, the survey concludes, all departments that touch cyber risk should be involved in cyber incident management, and cyber insights should be shared across the enterprise to appropriately address organizational cybersecurity weak spots.

The 2022 report looks at how cyber risk is viewed by various functions and leaders in the company, specifically cybersecurity and IT, risk management and insurance, finance, and executive leadership.

While all of these functions have common interests around cyber risks, the survey found they often act independently, missing the potential benefits that an enterprise-wide approach offers. Their different views and separate ways of managing cyber risks are reflected in the survey finding that only 41% of organisations engage legal, corporate planning, finance, operations, or supply chain management in making cyber risk plans.