A new Marsh survey has found that leaders of cybersecurity, IT, risk management, insurance and finance companies are losing confidence in the ability of their organizations to ward off ransomware attacks. Drawing on the insights of more than 660 cyber-risk decision-makers, a report published Thursday entitled The State of Cyber Resilience found that the perspectives of company executives on cyber-risk management are none too optimistic.
An organization’s cyber-risk management includes understanding and assessing cyber-threats, mitigating and preventing cyber-attacks and managing and responding to cyber-attacks. In 2019, 19.7% of those surveyed said they were highly confident in their capacity to manage cyber-risk compared to 19% in 2022. This demonstrates that the perspectives of leaders have changed little over the course of three years.
“Given the continued rise of ransomware and the current tumultuous threat landscape, it is not surprising that many organizations do not feel any more confident in their ability to respond to cyber risks now than they were in 2019,” stated Sarah Stephens, head of cyber, international, Marsh.
Less than half of those surveyed (43%) stated that a risk assessment of vendors and supply chains has been conducted by their organization. This indicates that companies are falling behind in their cybersecurity strategies when it comes to assessing the threats faced by vendors and supply chains during a time when attacks are on the rise.
“Cyber risks are pervasive across most organizations. Successfully countering cyber threats needs to be an enterprise-wide goal, aimed at building cyber resilience across the firm, rather than singular investments in incident prevention or cyber defense,” said Tom Reagan, cyber risk practice leader, US & Canada, Marsh. “Greater cross-enterprise communication can help organizations bridge the gaps that currently exist, boost confidence and better inform overall strategic decision making around cyber threats.”
In 2019, a mere three in 10 survey participants (30%) stated that their company used quantitative methods to measure exposure to cyber risk. This figure increased to just under four in 10 respondents in 2022 (38%). The use of quantitative methods in assessing cyber risk is critical as it helps determine volatility.