C-suite concern over cyber risks appears to wane: SurveyPosted On: Oct. 26, 2017 10:49 AM CST
Risk management professionals believe their board members and executive management view cyber risk less seriously than they did the prior year, says a survey issued Thursday.
A total of 62% of risk professionals said their board of directors view cyber risk as a significant threat to their organization, which is down from the 83% who said they did so in 2016’s survey, according to the seventh annual survey released by the Zurich Insurance Group Ltd. and Advisen Ltd.
And 60% of the risk professionals surveyed said executive management views cyber risk as a significant threat, compared with 85% in 2016.
A total of 315 respondents participated. This was the first time there was such a finding in the seven years of the survey.
“This could indicate board members have become more comfortable in their understanding of cyber exposures,” says the Security and Cyber Risk Management survey report.
“Or, it could mean risk professionals are not up-to-date on the evolving nature of cyber risk and the possible magnitude of the losses,” it says.
Among other survey results, 35% of the respondents rated data integrity risks as “high risk” compared with 22% who did so for business continuity risks.
In addition, only 53% of respondents knew of changes or upgrades made following high-profile attacks in early 2017.
“This could indicate that risk professionals are either less educated about the exposures, have concluded these exposures are less significant to their business, or are confident (or overconfident) in their cyber security controls,” said the survey report.
“Or the reason could be that risk professionals are not fully aware that the nature of the cyber risk has been evolving beyond data security and toward interconnected risks including business interruption due to malware and ransomware attacks,” it said.
The survey also found many organizations are taking a multifaceted approach to their preparation and response strategies by using a combination of internal and external resources.
The email survey, which was conducted in August and early September, represents businesses of all sizes but is slightly weighted toward smaller companies, with 56% of respondent companies having revenue of $1 billion or less.