Nearly 80% of global organizations now rank cyber-risk as a top-five business concern, but just 11% are highly confident they can assess, prevent and respond effectively to attacks, according to new research from Marsh and Microsoft.
The insurer has teamed up with the computing giant once again to poll 1500 global organizations for its 2019 Global Cyber Risk Perception Survey.
It found those ranking cyber-risk as a top-five concern had risen from 62% in 2017 to 80% this year, while those confident in being able to deal with a threat fell from 19% to 11% over the period.
Ownership of and engagement with cyber-risk management seems to be a key challenge for many.
Although 65% of respondents identified a senior executive or the board as the main owner of this function, only 17% of executives and board members said they’d spent more than a few days in the past year focusing on the issue. Some 51% spent several hours or less.
Similarly, 88% of organizations identified their IT/IT security teams as primary owners of cyber-risk management, but nearly a third (30%) of IT respondents said they spent just a few days or less over the past year focusing on this.
At the same time, adoption of new technologies continues apace, often without adequate safeguards.
Half of respondents said cyber-risk is almost never a barrier to the adoption of new tech, and although three-quarters (74%) evaluate risks prior to adoption, just 5% said they do so throughout the technology lifecycle. A significant minority (11%) do not perform any evaluation.
The report also revealed that organizations were likely to hold their own cyber-risk management actions to a higher standard than those of their suppliers.
That’s despite the fact that 39% said the risk posed by their partners was high or somewhat high versus just 16% who admitted their own organization poses high risk to their supply chain.
“We are well into the age of cyber-risk awareness, yet too many organizations still struggle with creating a strong cybersecurity culture with appropriate levels for governance, prioritization, management focus, and ownership,” said Kevin Richards, global head of cyber-risk consulting at Marsh.
“This places them at a disadvantage both in building cyber-resilience and in confronting the increasingly complex cyber-landscape.”