Uncertainty around cyberthreats continues to plague global execs
When it comes to managing cyber risks, businesses are no more confident today than they were in 2019.
In 2019, 19.7% of global business leaders felt highly confident in their organization’s core cyber risk management abilities. This has largely remained unchanged, according to a report from Marsh and Microsoft Corp., as only 19% of business leaders are highly confident in their cyber risk programs today.
Additionally, organizations are still failing to fully piece together how risks faced by their vendors and digital supply chain fit into their overall cybersecurity programs. Fewer than half of surveyed businesses have conducted a risk assessment of their vendors and supply chain.
“Given the continued rise of ransomware and the current tumultuous threat landscape, it is not surprising that many organizations do not feel any more confident in their ability to respond to cyber risks now than they were in 2019,” Sarah Stephens, head of cyber, international for Marsh, said in a release.
Part of the challenge is that businesses aren’t fully measuring cyber risk in financial terms, as just 26% of businesses undertake the practice. Marsh reported this hurts the ability of a company to communicate cyberthreats enterprise-wide.
“Cyber risks are pervasive across most organizations. Successfully countering cyberthreats needs to be an enterprise-wide goal, aimed at building cyber resilience across the firm, rather than singular investments in incident prevention or cyber defense,” Tom Reagan, cyber risk practice leader, U.S. and Canada for Marsh, said in a release. “Greater cross-enterprise communication can help organizations bridge the gaps that currently exist, boost confidence, and better inform overall strategic decision making around cyber threats.”
Cyber insurance sees fast adoption
Around 60% of businesses said they purchase some type of cyber coverage, according to Marsh, which noted this is a 30% increase compared with 2019 levels. Many business leaders pointed to insurance as playing a critical role in their overall cyber risk strategy.
Further, insurers’ demanding more strident security measures when placing cyber policies had a net positive effect on businesses’ cybersecurity, according to Marsh. Slightly more than 40% of respondents said insurers’ requirements influenced decisions to supplement existing controls or put new ones in place.
Related: