Widespread concern exists among risk and IT professionals about the scale of the cyber threat, but there is little agreement about how organisations should assess, manage and mitigate it, according to a Chubb study that surveyed over 250 risk managers and IT professionals.
The study interviewed industry experts from major firms across Europe with annual revenues exceeding $500 million, and identified stark differences in approaches to cyber risk management.
“IT professionals are more likely than their counterparts in the risk function to expect the impact of a cyber event to be severe, evidence that not all organisations have reached a single view of the scope of the threat or how to tackle it, which can leave them vulnerable,” Chubb said.
The Chubb report showed firms are catching on to the imminent cyber threat, with cyber risk management now viewed as a crucial priority and segments as diverse as risk, legal and HR expected to play a role in risk response, where previously it was managed solely by the firm’s IT department.
However, firms still lag behind in building governance models that create a consistent approach to risk management. “Six in ten respondents say senior leaders expect their business to be invulnerable to cyber attack. This is worrying in an era of constantly evolving threats and places intense pressure on their risk and IT teams to mitigate these with a 100% success rate,” the report found.
Kyle Bryant, Cyber Risks Manager, Europe, Chubb, said the results of this research project show that a clear disparity “continues to exist between risk and IT managers around how to deal most effectively with cyber risk.”
“Nothing will provide you with total assurance that an incident won’t happen,” Bryant said, “but insurance now provides a practical solution to help you identify, mitigate and protect your organisation’s vulnerabilities.”
Ultimately, the report highlighted that re/insurers partnering and collaborating with major firms in risk mitigation and cyber protection may “hold the key to bringing functions together to assess, quantify and prioritise different cyber risks, and build stronger defences and protections.”
This collaborative approach of assisting firms with risk mitigation and assessment is one that Swiss Re recently highlighted as being fundamental to its underwriting successes.