As hackers and cyber criminals continue to grow in sophistication, so too must companies if they're to have any chance in our digital world. (Photo: Shutterstock)
In 2018, companies are aware of the number of cyber risks that threaten their business. They know that a cyber attack means damage to their resources and reputation, among other areas of concern. As hackers and cyber criminals continue to grow in sophistication, so too must companies if they're to have any chance in our digital world.
While this sounds fairly simple on paper, how can companies prepare to counter their cyber exposures? Marsh executives John Drzik and Thomas Reagan provided insights at the latest media breakfast briefing to discuss the launch of Marsh and Microsoft's new Global Cyber Risk Perception Survey.
In conjunction with Microsoft Corp., the two organizations surveyed more than 1,300 senior executives about the cyber landscape. While concern for cyber is high, many respondents are failing to act. Here's how companies should think about their cyber preparedness going forward, based on the Marsh study.
Related: 4 cyber readiness benchmarks for 2018
Sixty-eight percent of respondents said they use cloud computing and services, and that number is not likely to decline in our digital world. (Photo: Shutterstock) First, recognize your cyber threats
As cyber risk becomes a top priority for many companies, how they respond will increasingly matter. But first, they must recognize their cyber threats.
Nearly two-thirds of respondents to the Marsh surveysaid their organizations will increase spending on cyber risk management practices, including risk mitigation and risk transfer. While smarter technology will help, human error still accounts for a significant number of cyber breaches. As a result, more than half of respondents implemented enhanced phishing awareness training for employees.
Sixty-eight percent of respondents said they use cloud computing and services, and that number is not likely to decline in our digital world. Many cloud providers may manage not only data security, but also network controls, identity and access controls, and patching.
Fewer than half of respondents said their organization estimates financial losses from a cyber event. (Photo: Shutterstock) You can't plan for what you can't measure
Throughout the event, Drzik emphasized a basic conundrum companies face when they deal with cyber risks: You can't plan for what you can't measure.
While many companies have cyber insurance or plan to purchase coverage, 44% of respondents "don't know" whether cyber insurance meets their organization's needs. Models exist that allow organizations to assess the likelihood they will be attacked, and their potential losses. However, few firms currently take advantage of them.
Fewer than half of respondents said their organization estimates financial losses from a cyber event, and only 11% quantify their estimates in economic terms.
The benefit of a more comprehensive approach to cyber risk management is that it goes beyond prevention and also includes risk assessment, mitigation and cyber resilience. (Photo: Shutterstock) Cyber risk management requires a packaged approach
Traditionally, cyber risk management has been perceived as a problem for the IT department. Now, technology often is used at every level of a company. As such, ownership of risk needs to very and executives must get more involved.
"Cyber is a technical risk but it impacts the balance sheets," says Reagan, the U.S. cyber practice leader for Marsh.
The benefit of a more comprehensive approach to cyber risk management is that it goes beyond prevention and also includes risk assessment, mitigation and cyber resilience. Ideally, boards should view cyber risk management as part of their overall perspective on enterprise risk management. Concern isn't translating into action, however, and a lack of communication and coordination persists throughout many companies.
To hope that all cyber risks can be prevented in the future is folly — the number of cyber criminals will continue to grow, and they'll be more sophisticated in their attacks than the last. But this doesn't mean companies can't prepare. Identification, preparation and a top-down approach will allow companies to be confident in an ever-evolving cyber landscape.
© Touchpoint Markets, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.