Many companies do not give sufficient attention to cyber risks – survey

Many companies still do not devote sufficient attention to cyber risks, despite an increase in frequency, scope, and sophistication – and harsher penalties for lack of regulatory compliance and loss of sensitive data. This finding comes from research conducted in association with the Federation of European Risk Management Associations (FERMA) by Harvard Business Review Analytic Services, corporate insurer Zurich and the public sector risk management organisation PRIMO.

FERMA board member Julia Graham, who led FERMA’s participation in the project, said: “Too often I have seen well embedded principles and practices associated with risk management and risk financing discarded when the subjects of information security and specifically cyber security are considered.”

More than three-quarters (76%) of survey respondents said that information security and privacy had become more significant areas of concern in the past three years. A majority also indicated that board involvement is growing in their organisation.

“They must improve their institutional preparedness to combat cyber threats and losses, which are inadequately covered by traditional liability insurance,” the final report from HBR and Zurich concludes.

“Information security is a classic enterprise risk,” commented Julia Graham. “It is not solely a subject for the domain of the chief information officer or the chief information security officer.”

In any case, only 16% of companies covered in the survey have designated a chief information security officer to oversee cyber risk and privacy, and less than half (49%) agree they have a strategy for communication to the general public in case of a cyber risk incident.

Just 19% of respondents have purchased security and privacy insurance specifically designed to cover exposures associated with information security and privacy issues, and only 44% said their company’s budget for these risks has grown.

The sheer number of ways in which data can be lost, stolen, or misappropriated illustrates the prevalence of the threat. Respondents highlighted the following threats to information security and confidentiality:

  1. malware and other viruses
  2. administrative errors
  3. incidents caused by data providers
  4. malicious employee activity
  5. attacks on web applications
  6. theft or loss of mobile devices
  7. internal hackers

Regulation and compliance concerns appear to be driving much of organisations’ planning around cyber risk. Survey respondents most frequently placed business income loss and the cost of restoring crucial proprietary electronic information among their top five concerns. The next three concerns all related to legal liability:

  • Legal defence and settlement costs from third party claims
  • Costs of regulatory settlements
  • Costs of defending regulatory investigations.

FERMA is highlighting the issue with a session at its 2013 Risk Management Forum in Maastricht starting on 29 September.

Access the full report at ‘Meeting the Cyber Risk Challenge’.

This analysis reflects the results of a Harvard Business Review Analytic Services web-based survey conducted with 152 respondents involved in risk management for their organisation. Virtually all respondents were based in Europe. Data was collected July-September 2012.

For more information, contact

Press contacts:

Lee Coppack

FERMA media coordinator

lee@coppack.co.uk or +44 (0)20 8318 0330 or +44 (0)7843 089904

or

Florence Bindelle

FERMA executive manager

florence.bindelle@ferma.eu or +32 (2) 761 94 31
