The latest enterprise risk management news from around the world

Boards taking steps to improve oversight of cyber risk but gaps remain

RANE (Risk Assistance Network + Exchange) and the Nasdaq Center for Board Excellence have released the results of a survey of US publicly listed companies and nonprofits. The results show that boards and executive team members give themselves high marks for cyber security awareness, but that additional training on cyber risks would be beneficial.

Cyber security has become the leading concern for businesses worldwide. The types of cyber risks that are the most important to boards/executive team members include:

  • Ransomware attacks, which are the number one concern of the respondents.
  • Cyber breaches resulting in stolen data: this is also an area of extreme concern, as are social engineering/phishing/business email compromise and cyber breaches resulting in destruction or manipulation of data.

The area of least concern was a cyber incident caused by an insider threat.

“One major finding of this survey is that boards often focus on ransomware or other highly publicized attacks without realizing the connection between the attacks and the intersection with geopolitical events,” says RANE CEO Steve Roycroft.

Almost all respondents express confidence that their board/executive team is prepared to respond to a cyber incident. However, some notable issues include:

  • Only 59 percent of respondents say that cyber security training was provided to the board, and of those remaining, 69 percent indicated that they would like to receive training.
  • A quarter of respondents say their board does not have a methodology for quantifying cyber security risk.
  • The majority of respondents say their organizations carry cyber liability insurance, but only 9 percent say their policy ensures full resilience against any business interruptions.
