IT disaster recovery, cloud computing and information security news

Boards failing to take ownership of cyber risks

Despite growing levels of awareness and understanding of cyber risk among large and medium-sized corporations across the UK and Ireland, board-level ownership of the issue remains comparatively low, with many firms relying on their IT departments for the strategic direction of their cyber risk strategies.

According to the Marsh Risk Management Research, UK & Ireland 2014 Cyber Risk Survey Report, cyber risk now features prominently on the corporate risk registers of organizations across the UK and Ireland, with one quarter (24 percent) of respondents placing it in the top five risks they face and over half (56 percent) placing it in their top ten.

However, Marsh’s research found that cyber risk is managed and reviewed at board level in just 20 percent of respondents’ organizations, with 57 percent of respondents stating that the overall responsibility for the assessment and management of cyber risk lies with their IT departments.

Stephen Wares, Cyber Risk Practice Leader, Europe, the Middle East and Africa (EMEA), Marsh, commented: “For those organizations that cited the board as the primary risk owner, there is recognition within these businesses of the potentially catastrophic impact that cyber risk may have on their revenues and reputations.

“Increased board-level ownership will accelerate efforts to understand how cyber risk affects organizational risk profiles, and will foster the adoption of more sophisticated risk mitigation measures. It will also improve the ability of companies to secure correctly targeted insurance protection at attractive premiums, should they decide to transfer some of the risk to the insurance market.”

Although only 32 percent of respondents stated that their organization has assessed the estimated financial impact of a cyber attack, more than half of those surveyed plan to buy or seek quotations for cyber insurance within the next 12 months.

“Marsh’s data suggests a significant rush to market in the next 12 months, representing a considerable increase in active engagement with this class of insurance. Nearly twenty years after the first cyber policies were offered, cyber insurance has finally come of age and is now recognised by prospective buyers as delivering valued protection,” said Mr Wares.

Obtain the UK & Ireland 2014 Cyber Risk Survey Report.


