Managing Cyber Risk
In a global survey of over 1,300 senior executives by insurance broker Marsh and Microsoft Corp., two-thirds ranked cybersecurity among their organizations’ top five risk management priorities. 75% identified business interruption as having the greatest potential for a cyber loss, compared with 55% citing breach of customer information.
Despite this awareness and concern, only 19% of respondents were highly confident of their organization’s ability to mitigate and respond to a cyber event, and only 30% had a response plan.
There is a disconnect here. It is a safe guess that almost all organizations have a plan to respond to physical loss. In today’s world a cyber loss is much more likely. As the saying goes, failing to plan is planning to fail.
The first step is to quantify the risk. Fewer than 50% of respondents said their organization estimates financial losses from a potential cyber event. Calculating potential loss is a key step in plans to eliminate or mitigate loss.
In the survey, 70% of respondents said their information technology department was primarily responsible for cyber risk management, compared to 37% citing the president, CEO or board of directors and 32% the risk manager. If, as Clemenceau said, “War is too important to be left to the generals,” then in today’s world cyber risk is too important to be left to the IT professionals. All stakeholders need to take responsibility.
While insurance is an important part of cyber risk management – and Beacon is ready to place the best coverage on your behalf – it can only be part of the strategy. All organizations need to understand their risk exposure, quantify it and plan how to respond.