Although organisations are increasingly tuned in to the dangers posed by cybersecurity risks, they have more work to do to combat the threats, according to a new survey.
The portion of more than 1,500 business leaders who ranked cyber threats among the top five risks to their company grew from 62% in 2017 to 79% in 2019, according to the 2019 Global Cyber Risk Perception Survey undertaken jointly by Microsoft and insurance broker and risk adviser Marsh.
Twenty-two per cent of survey respondents ranked cyber threats as the number one risk to their company in 2019, up from just 6% two years earlier.
But business leaders’ confidence in their organisations’ ability to respond to these threats slipped:
- The portion of respondents who said they are not confident in their organisation’s ability to understand, assess, and measure cyber threats doubled from 9% in 2017 to 18% in 2019.
- More respondents lacked confidence in their organisation’s ability to detect and prevent cyberattacks in 2019 (19%) than in 2017 (12%).
- 22% of respondents said in 2019 that they were not confident in their organisation’s ability to manage and respond to cyberattacks, up from 15% two years earlier.
“We are well into the age of cyber risk awareness, yet too many organisations still struggle with creating a strong cybersecurity culture with appropriate levels for governance, prioritisation, management focus, and ownership,” Kevin Richards, Marsh’s global head of cyber risk consulting, said in a news release. “This places them at a disadvantage both in building cyber resilience and in confronting the increasing complex cyber landscape.”
To better combat cyber risks, the report suggests that organisations:
- Make clear, shared standards for governance, accountability, resources, and actions related to cybersecurity part of their culture.
- Quantify cyber risk. The portion of respondents who use quantitative methods to express cyber risk exposure nearly doubled from 17% in 2017 to 30% in 2019, but that still means that less than one-third of organisations are measuring this risk.
- Evaluate the cyber risk implications of new technology. Almost one-fourth (23%) of respondents said that for most new technologies, they believe the risks outweigh potential business benefits.
- Manage the supply chain as a collective issue, recognising the need for trust and shared security standards across the entire network.
- Pursue and support public-private partnerships around critical cyber risk issues.
“In the era of transformational technology and more interconnected supply chains, the cyber risk management practices and mindsets of yesterday no longer suffice and may actually inhibit innovation,” Joram Borenstein, general manager, Cybersecurity Solutions Group at Microsoft, said in a news release. “It is incumbent upon senior leaders to focus on these issues for the welfare of their organisations, their customers, their employees, and beyond.”
— Ken Tysiac (Kenneth.Tysiac@aicpa-cima.com) is FM magazine’s editorial director.