According to a recent Risk & Resilience research report from Beazley, there is a “worrying” degree of complacency around active cyber risk management and maintaining resilience to cyber threats, with over 41% of UK and US business leaders feeling “very prepared” to meet the cyber threat, which although down marginally from 2021, may yet demonstrate overconfidence.
Patricia Kocsondy, Head of US cyber and technology, Beazley, commented, “We are detecting signs that business leaders may have become a little complacent – even over-confident – about the cyber and technology risks faced by their businesses.
“Perhaps because of the overwhelming challenge that the current geopolitical environment poses today they may be being blinded to the threat that cyber and technology risk may deliver tomorrow.”
The report also indicates that cyber remains the leading concern in the technology risk category, with 28% of UK and US respondents listing it as their number one risk in 2022. However, this represents an 18% real terms decrease, down from 34% in 2021.
Intellectual property remains lowest on the list of concerns, though risk perception has increased 107% on last year, which Beazley suggests is a potential area where greater risk management and mitigation is needed.
Additionally, technology obsolescence is the number one risk for 27% of UK and US business leaders, displacing disruption in the ranking, at the same time, perceived resilience has also dropped, which the report notes may be due to companies struggling with the cost and effort of updating or replacing legacy systems.
The report adds that while perceived resilience to cyber and technology risks remains relatively high, with 31% of UK firms and 43% of US firms feeling ‘very prepared’ across all four risks within this risk category, resilience perception has dropped across the board, down 9% on average – with IP risk resilience down 12%, and disruption risk down 10%, compared with 2021.
Bala Larson, Head of Cyber Client Experience, Beazley, said, “Mid-market clients, in particular, are struggling with what is being asked of them in terms of funding, budgeting for and repairing technology to keep pace with a range of cyber and technology risks.
“At Beazley, we are placing a lot more emphasis on questions around how to handle end-of-life software and hardware issues, with many industries now in catch-up mode to budget for what their insurers require.”
As cyber insurance pricing is rising, insurers are becoming more selective about which cyber risks they write, says the report. Therefore, it suggests that Cyber insureds need to regard cyber resilience and risk management as much more than a tick-box exercise, as they seek to protect intangible assets and ensure business continuity.
Aidan Flynn, Head of London and International Underwriting Management, Cyber, Beazley, added, “More companies in the UK have cyber insurance cover since 2021, and perhaps feel more protected, but there is a sense that many view this purchase as a box-ticking exercise, while too many companies still lack basic protections against cyber-attacks.”
