
Many companies in the dark on cyber risks

LIVERPOOL, England — Less than one-fifth of U.K. companies believe they have a complete understanding of their cyber risk exposure, according to a study conducted by Marsh Ltd. and released Tuesday.

Just 18% of 100 companies surveyed said that they had a complete understanding of their cyber exposure, while 25% said they had limited understanding of their cyber exposure, 52.8% said they had basic understanding and 4.2% said they had no understanding of their cyber exposure.

Just 16.6% of respondents said cyber was one of the top five risks on their company's risk register, while 29.2% said cyber figured in the top 10 risks, 27.8% said it was on the risk register but outside of the top 10, and 26.4% said that cyber did not figure into their organization's risk register at all.

Almost two thirds — 61.1% — of respondents said that their company had made no loss estimate for the financial impact of a cyber attack.

And 15.3% said that they had made such an estimate and the worst loss value was £1 million ($1.6 million) or less; 4.2% said the worst loss value was between £1 million ($1.6 million) and £2 million ($3.1 million); 5.5% said it was between £2 million ($3.1 million) and £5 million ($7.8 million); and 13.9% estimated the worst loss value to their company of a cyber attack at more than £5 million ($7.8 million).

Take up of cyber insurance coverage by U.K. buyers remains low, according to the study.

Just 11.1% of respondents said their company had bought cyber insurance, while 2.8% said their company was purchasing coverage.

More than a third — 38.9% — of respondents said their company was planning to obtain quotes for cyber coverage within the next 12 months, while 47.2% said their company had no plans to purchase cyber insurance.

Speaking at Airmic's annual conference in Liverpool, England, where the survey was released, Stephen Wares, cyber risk practice leader for the Europe, Middle East and Africa region for Marsh Ltd., said that if companies do not have a clear understanding of their cyber risk profile, it is extremely difficult to obtain meaningful coverage.