CEOs of U.S. businesses have known for some time that cybersecurity is a significant issue affecting their day-to-day operations.
Thanks to several high-profile data breaches and hacker attacks, such as at Sony and Target, the topic of cybersecurity also has become a regular agenda item for many boards of directors of U.S. companies.
And the topic is growing in importance for European business leaders as well.
In 2018, the European Union is scheduled to introduce the General Data Protection Regulation, which will establish stringent requirements for any businesses that deal with European consumers' data. The new regulations are coming into force on May 25, 2018, for all EU member states — but it affects any company doing business with EU citizens, regardless of where the company is based.
To better understand what European businesses are doing to deal with cybersecurity and how they're preparing for the new regulations, Lloyd's commissioned its "Facing the Cyber Risk Challenge" survey.
The new research found that 54 percent of CEOs in European companies are taking responsibility for cybersecurity, but the majority seriously underestimates a cyber event's potential impact with a minority of European companies believing that they will lose market share after a cyber attack becomes known.
When asked specifically about the new EU regulations, the survey found some surprising results, despite the serious financial and legal consequences of not complying with the rules:
- 97 percent of respondents have heard of the GDPR.
- 7 percent said they know "a great deal" about it.
- 57 percent said they know "little" or "nothing" about the new regulations.
More than half the businesses surveyed were aware the new EU regulations could affect them in terms of regulatory investigation (64 percent), financial penalties (58 percent), share price (57 percent) and reputation (52 percent), but only 13 percent believed they could lose customers.
|Too complacent?
When asked whether their company had suffered a data breach in the past five years, 92 percent of respondents (all in Europe) said they had, while 3 percent said they had "come close." Only 5 percent of respondents said they had not suffered a breach or were unaware that they had. Despite these numbers, only 42 percent are worried about suffering another breach in the future.
The survey found that most businesses were more concerned about external rather than internal threats. The internal threats that businesses were most worried were low-tech, with 42 percent of respondents stating physical loss of paper documents as a key concern. The same percentage also listed an insider intentionally breaching information as a key threat.
The number one external threat is hacking, according to the survey. Half (51 percent) of the businesses questioned said they were worried about the possibility of being hacked for financial gain, compared to 46 percent who were concerned about being hacked for political reasons. Hacking by a competitor, however, was viewed as a serious threat by 41 percent.
Inga Beale, CEO of Lloyd's, warned that "Firms may still be too complacent as regards how they are prepared for a cyber risk incident and what the implications of one could be for their business."
|Awareness of cyber insurance
According to the survey, 73 percent of business leaders have a limited knowledge of cyber insurance, and 50 percent don't know that cyber coverage for data breaches is available.
In commenting on the survey, Beale reminded European businesses that the new EU regulations will mean that they have to be more responsive to any cyber incident than may have been the case in the past. "Insurance companies provide more than just cover for any lost income," she added. "They offer a wrap-around service that can keep businesses on the right side of regulation and help protect their customers and their reputation."
The survey questioned 346 senior decision-makers at large companies (with revenues of €250 million or more) across Europe. Respondents' job titles included chief executive officer, chief financial officer, chief operating officer, chief onformation officer, chief technology officer, chief risk officer and general counsel.
The full report is available for download at Lloyd's website.
Related:
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Rosalie Donlon
Rosalie Donlon is the editor in chief of ALM's insurance and tax publications, including NU Property & Casualty magazine and NU PropertyCasualty360.com. You can contact her at [email protected].
