February 16, 2018

Cybersecurity fears not matched with risk management strategy

Senior executives are becoming more concerned about cybersecurity, but responsibility is still being swept under the rug that is the IT department.

By Tom Ball

While it is encouraging that businesses are increasingly aware of cybersecurity risks, a shockingly low percentage of them are implementing risk management strategies to cover the eventuality.

Two thirds of senior executives globally placed cybersecurity among their top five risk management priorities, with a towering 75 per cent ranking cyber-related business interruptions as having the greatest potential impact on their organisation.

Despite this widespread concern, just 19 per cent expressed high confidence in their mitigation and response capabilities when faced with cyber threats. Perhaps more worryingly, the research from Marsh reveals that just 30 per cent said they have a plan of action for when a cyberattack hits.

“Cyber risk is an escalating management priority as the use of technology in business increases and the threat environment gets more complex,” said John Drzik, President, Global Risk and Digital, Marsh. “It’s time for organisations to adopt a more comprehensive approach to cyber resilience, which engages the full executive team and spans risk prevention, response, mitigation and transfer.”

The lacklustre general approach to risk management globally is further shown by the finding that fewer than half of organisations estimate the financial losses that a cyberattack could cause, an important step in the risk management process. Only 11 per cent actually make their estimates in economic terms.


“While technology is the foundation of any good cybersecurity strategy, companies can benefit from investing in non-technology solutions like risk management as part of a holistic approach,” said Matt Penarczyk, Vice President and Deputy General Counsel, Microsoft. “Through advanced technology, tools and training, for example, companies can better protect the data in their networks and be ready for the business interruptions and reputational risks associated with cyberattacks.”


There still appears to be a lack of understanding among organisations as to who is responsible for cyber risk management, with 70 per cent of senior executives still pointing at IT when asked who has ownership and decision-making power over the matter. Evidently, cybersecurity responsibility is still being swept under the IT department rug.
