Make Time To Focus On Cyber Risk

Make Time To Focus On Cyber Risk

September 23, 2019 Business Insurance and Risk Management, The Beacon Blog 0 Comments

Consider this an editorial.

According to a post on youTalkinsurance (, the 2019 Marsh Microsoft Global Cyber Risk Perception Survey of 1,5000 organizations showed that a majority of board members and senior executives “had” (their word, not mine) less than one day a year to focus on cyber risk.

Some statistics from the survey:

  • Nearly 80% of organizations rank cyber risk as a top five concern, but only 11% had a high degree of confidence in their ability to assess, prevent and respond to cyber threats. (In a 2017 survey the percentages were 62% and 19% respectively.)
  • 65% of organizations identified a senior executive or board member as “owning” cyber risk management, but only 17% of executives and board members spend more than a few days focusing on cyber risk. 51% spend several hours or less.
  • 88% of respondents identified their information technology and security workers as “owners” of cyber risk management, but 30% of IT respondents only spent a few days or less focusing on cyber risk.
  • 77% of respondents have adopted or are adopting new technologies, but only 36% evaluate cyber risk before and after adoption, and 11% don’t evaluate risk at all.

There are serious disconnects here. Perception of cyber as a top risk is UP, but confidence in dealing with it is DOWN. The people who supposedly “own” the risk spend little time focusing on it. New technologies are adopted with little or no evaluation of risk (have these people not heard the expression “Failing to plan is planning to fail”?).

If cyber risk is a top five concern – and it should be- organization leaders should be spending close to 20% of their time focusing on it. Make the time. Refusal is a failure of leadership.

About the Author

Harry Cylinder

Harry Cylinder, CPCU, ARM has spent nearly fifty years in the insurance industry, the majority of the time as a consultant. He has been employed by The Beacon Group of Companies since 2008, specializing in the review and analysis of property and casualty coverage forms. Mr. Cylinder has been reviewing policy forms as they have evolved over the past decades. In 2008 he published an article in the CPCU Journal which was the first description of cyber insurance coverage for a general insurance audience. Since that time he has regularly written on cyber and other topics for The Beacon Companies’ blog.