Read the second article in the three-part series on cyber risks.
The toll of almost three years of unrelenting workplace disruption, digital transformation and ransomware attacks means most leaders are no more confident in their ability to manage cyber risk than they were two years ago.
A new 26-page report, The State of Cyber Resilience, published jointly by Marsh and Microsoft Corporation, analyses how cyber risk is viewed by various functions and executives in leading organisations, including cyber security and IT, risk management and insurance, finance and executive leadership. Over 660 cyber risk decision makers globally participated in the study. The report found that leadership confidence in their organisation’s core cyber risk management capabilities – including the ability to understand/assess cyber threats, mitigate/prevent cyber attacks, and manage/respond to cyber attacks – is largely unchanged since 2019: 19.7% of respondents stated they were highly confident in 2019, compared to 19% in 2022.
Marsh head of cyber Sarah Stephens said, “Given the continued rise of ransomware and the current tumultuous threat landscape, it is not surprising that many organisations do not feel any more confident in their ability to respond to cyber risks now than they were in 2019.”
Many organisations are still struggling to understand the risks posed by their vendors and digital supply chains as part of their cyber security strategies. Only 43% of respondents stated that they have conducted a risk assessment of their vendors or supply chains.
Other findings of the report include:
Only 41% of organisations look beyond cyber security and insurance to engage their legal, corporate planning, finance, operations or supply chain management functions in making cyber risk plans.
Nearly four in 10 respondents (38%) said their organisation uses quantitative methods to measure its cyber risk exposure, which is a critical step in understanding how cyber attacks and other events can create volatility. This is an improvement from the 2019 survey, when three in 10 respondents (30%) stated that their organisation used quantitative methods.
Marsh US and Canada cyber risk practice leader Tom Reagan said, “Cyber risks are pervasive across most organisations. Greater cross-enterprise communication can help organisations bridge the gaps that currently exist, boost confidence and better inform overall strategic decision making around cyber threats.”