Managing Cyber Risk

Managing Cyber Risk

February 22, 2018 Business Insurance and Risk Management, The Beacon Blog 0 Comments

In a global survey by insurance broker Marsh and Microsoft Corp. of over 1,3000 senior executives, two thirds ranked cybersecurity among their organizations’ top five risk management priorities. 75% identified business interruption as having the greatest potential for a cyber loss, compared with 55% citing breach of customer information.

Despite this awareness and concern, only 19% of respondents were highly confident of their organization’s ability to mitigate and respond to a cyber event, and only 30% had a response plan.

There is a disconnect here. it is a safe guess that almost all organizations have a plan to respond to physical loss. In today’s world a cyber loss is much more likely.  As the saying goes, failing to plan is planning to fail.

The first step is to quantify the risk. Less than 50% of respondents said their organization estimates financial losses from a potential cyber event. Calculating potential loss is a key step in plans to eliminate or mitigate loss.

In the survey 70% of respondents said their information technology department was primarily responsible for cyber risk management, compared to 37% citing the president, CEO or board of directors and 32% the risk manager. If as Clemenceau said “War is too important to be left to the generals”, in today’s world cyber risk is too important to be left to the IT Professionals. All stakeholders need to take responsibility.

While insurance is an important part of cyber risk management – and Beacon is ready to place the best coverage on your behalf – it can only be part of the strategy. All organizations need to understand their risk exposure, quantify it and plan how to respond.

About the Author

Harry Cylinder

Harry Cylinder, CPCU, ARM has spent nearly fifty years in the insurance industry, the majority of the time as a consultant. He has been employed by The Beacon Group of Companies since 2008, specializing in the review and analysis of property and casualty coverage forms. Mr. Cylinder has been reviewing policy forms as they have evolved over the past decades. In 2008 he published an article in the CPCU Journal which was the first description of cyber insurance coverage for a general insurance audience. Since that time he has regularly written on cyber and other topics for The Beacon Companies’ blog.