A new study has revealed that UK organisations should do more work to improve their understanding and management of cyber risk, as they are failing to adequately assess third-party suppliers.

70% of respondents from large and medium-sized corporations throughout the UK said they do not assess the suppliers and/or customers they trade with for cyber risk.

In addition, 51.4% said that their organisation has not urged them to demonstrate a competent standard of IT security practice to their bank and/or customers in order to do business with them.

Even though cybersecurity risk is ranked as a number one threat by the government’s National Security Strategy, only 16.6% placed it as a top five risk on their ‘risk register’ while the rest put it outside their top 10.

Meanwhile, IT departments continue to take primary responsibility for cyber risk in 55.5% of organisations, with board-level ownership existing in 19.4% of companies surveyed.

The survey, carried out by Marsh, also found that 52.8% of companies have or are seeking to buy cyber insurance in the next 12 months, but just 11% currently have policies in place.

Marsh EMEA cyber risk practice leader Stephen Wares said: "If organisations are to reduce the threats arising from cyber attacks, more work needs to be done to consider cyber security as a business issue, as opposed to a technical problem.

"This is especially true for larger organisations, which attract highly motivated and sophisticated hackers that might identify smaller business partners that are typically less well protected as the ‘back-door’ into their IT systems."