Organisations across Europe have under-investigated cyber risks and need to do more to assess their exposures, according to respondents who participated in Marsh’s Cyber Risk Survey.
According to the European 2015 Cyber Survey Report, more than three quarters (79%) of respondents believe they do not have a complete understanding of the cyber risks their organisations are exposed to. Moreover, nearly half (43%) of all organisations have not yet identified one or more cyber scenarios, despite 75% including cyber risk in their corporate risk registers.
Internal threats (29%), operational errors (28%), and hacktivist groups (23%) are listed as the top three threats by respondents. When it comes to specific cyber loss scenarios, breach of customer information (24%) and business interruption (22%) present the greatest concern.
IT departments take primary responsibility for cyber risk in the majority (65%) of organisations, while the percentage of the board (11%) and risk managers (11%) taking primary responsibility for cyber risk is comparatively low.
Nearly half (45%) of respondents’ organisations are engaged with the insurance market in one way or another. As the insurance market is offering products that address the main concerns of our respondents, the remaining 55% who are not seeking insurance, may simply be at too immature a stage in their own risk evaluation process to engage, as opposed to available insurance products not meeting their needs.