According to a study published by Marsh, many UK firms are failing to adequately assess their customers and trading partners for cyber risk, and are more vulnerable to cyber attacks themselves as a result.

Marsh’s Cyber Risk Survey Report found that nearly 70 percent (69.4 percent) of respondents from large and medium-sized corporations across the UK do not assess the suppliers and/or customers they trade with for cyber risk. Furthermore, more than half of respondents (51.4 percent) stated that their organization has not been asked to demonstrate a competent standard of IT security practices to their bank and/or customers in order to do business with them.

Stephen Wares, Marsh’s Cyber Risk Practice Leader, Europe, the Middle East and Africa (EMEA), commented: “If organizations are to reduce the threats arising from cyber attacks, more work needs to be done to consider cyber security as a business issue, as opposed to a technical problem. This is especially true for larger organizations, which attract highly motivated and sophisticated hackers that might identify smaller business partners that are typically less well protected as the ‘back-door’ into their IT systems.”

Additionally, Marsh’s survey results reveal that board-level ownership of cyber risk remains comparatively low: IT departments continue to take primary responsibility for cyber risk in the majority (55.5 percent) of organizations, while the board takes primary responsibility for cyber risks in less than one fifth (19.4 percent) of the organizations surveyed.

Marsh also found that while the majority (52.8 percent) of firms surveyed have or are seeking to buy cyber insurance in the next 12 months, only 11 percent currently have policies in place.

“Cyber risk management should be at the heart of the strategic decision-making process. Only with board-level support can companies take the big strides needed to advance their knowledge and perform the financial modelling required, to judge the value of the risk transfer options available on the market,” said Stephen Wares.

Marsh’s findings are based on research among risk managers and chief financial officers from more than 100 large and medium-sized UK firms, including financial services, manufacturing, retail, healthcare and energy/utility companies.
