Cyber security awareness growing within business sector, research shows

While awareness of cyber security risks is improving, fewer firms know how much an attack is likely to cost them

UK firms are still grappling with significant gaps in their cyber security knowledge, with research revealing more than one-third (35.4%) do not know how much an attack against their systems would cost them.

According to Marsh’s UK Cyber Risk Survey Report 2016, organisations are developing a keener awareness of cyber security risks, with 83.8% of respondents claiming to have a basic-to-complete understanding of the threats posed to their business. In the 2015 version of the report, this figure stood at 60.8%.

The report cites the rise in attacks against high-profile organisations in the UK as playing a key role in increasing awareness of cyber risks, along with education efforts by private and public sector organisations.

Furthermore, 29% of respondents claim to have bought, or to be in the process of acquiring, cyber insurance cover, while 26% are said to be seeking quotations for cyber insurance.

Despite this, many organisations still appear to be in the dark about the financial toll a serious cyber incident could have on their business, the report suggests.

Just over 40% of organisations claim to have suffered a cyber attack in the past 12 months, while 15.4% said they had insufficient knowledge to confirm or deny they had been victim to hackers during this period.

Meanwhile, since the 2015 report, the percentage of organisations that have carried out a financial impact study into the cost of a cyber attack against their business has fallen from 39.9% to 35.4%.

“This may suggest that, despite it being made clear that an increasing number of UK organisations are identifying the risk, they still have some way to go in terms of applying basic risk management techniques, such as impact measurement and qualification of potential losses,” the report says.

“A financial impact analysis is the next step for these organisations and one that is necessary to put them in a strong position to eventually mitigate or transfer the risk.”

The report was created to provide an overview of organisations’ attitudes towards cyber security and how they manage the associated risks. It is based on feedback from risk and finance professionals at a mix of medium-to-large sized organisations.

The report also highlights other areas where an organisation’s cyber security knowledge could be considered lacking, based on the finding that just 26% of respondents said they assess the cyber risks associated with doing business with third-party supply chain partners.

On the flipside, 35% of participants said they had been asked by their bank or their customers to prove their cyber security credentials in order to do business with them.

Mark Weil, CEO of insurance broker Marsh UK & Ireland, said the study results demonstrate organisations still have some way to go to improve their security posture.

“This increase in board-level ownership and control suggests that the recent series of high-profile cyber incidents has resulted in UK organisations recognising that cyber threats are serious,” he said.

“We also welcome the growing take-up of cyber insurance as a way for boards to verify in the risk market that their security measures are effective. The gaps in assessing supplier risk and quantifying the scale of cyber threat suggest that there is still plenty to do.”


2 comments

The upside is that awareness is increasing. It’s much like Bloom’s Taxonomy of knowledge - businesses can currently recall (and possibly even explain) facts and basic concepts, but they cannot yet use information in new situations, such as in determining how much an attack will cost them. But, that will come in time. The upside is that awareness is increasing, and that’s a start.
Awareness may be increasing probably because cybercrime is making headlines each day and most of us have been a victim to it at some point in time, even if it is spam or a malware infection. 

Whilst awareness needs to increase outside of the IT sphere as everyone plays a role in fighting cybercrime; better awareness of the risk and cost of impact is essential. The use of the words "with 83.8% of respondents claiming to have a basic-to-complete understanding of the threats posed to their business" is highly subjective. A claim is an opinion; not a fact. I still see huge opportunity for directors to have meetings with their risk and audit committees and C-suite and look at all of the costs of impact (including the 40+ hidden costs) to truly understand the risk.