Cyber-Risk Awareness Growing, but Work Remains To Build Resilience
November 02, 2021
A new survey shows that risk professionals are increasingly aware of the growth of cyber risks and the need to manage them, though there remains room for improvement in building cyber resilience.
The 11th Annual Information Security and Cyber Risk Management Survey of corporate risk managers and insurance buyers conducted by Zurich North America and Advisen Ltd. found that 83 percent of respondents purchase some level of cyber insurance. That was the highest percentage in the 11 years of the survey.
The survey also showed that 65 percent of respondents have invested in cyber-security solutions to mitigate cyber risks, though that figure indicates that 35 percent of respondents have yet to do so.
In particular, the survey revealed gaps in respondents' cyber-risk mitigation efforts related to risk monitoring, employee training, and vendor risk assessment.
Of those surveyed, 32 percent indicated they monitor for cyber threats monthly, and 28 percent said they do so only quarterly.
"In today's fast-changing environment, even monthly threat assessments will leave organizations ill-prepared for both threat actors and their cyber-insurance renewals," the report said.
Just over half of survey respondents, 52 percent, indicated that vendor risk assessment is part of their cyber-risk mitigation plans. Only 17 percent of respondents indicated that their companies offer cyber-security training on a monthly basis, with annual training the most common response at 30 percent, while 25 percent of those surveyed indicated they conduct employee cyber education quarterly.
This was the first year the survey asked about ransomware, and 80 percent of respondents indicated they feel very or moderately prepared to address a ransomware attack.
"At Zurich, we have been advocating for increased cyber resilience among businesses for years, so seeing a continued increase in take-up rate and strengthening risk mitigation efforts is very encouraging," Michelle Chia, head of professional liability and cyber for Zurich North America, said in a statement. "The survey results also tell us, however, that more work needs to be done to increase cyber resilience, and we are committed to providing businesses the resilience strategies they need through education and support."
This year's survey results reflect the responses of nearly 400 respondents representing risk managers, insurance buyers, and other risk professionals representing both large and small companies around the world.
November 02, 2021