UK firms are still grappling with significant gaps in their cyber security knowledge, with research revealing more than one-third (35.4%) do not know how much an attack against their systems would cost them.
According to Marsh’s UK Cyber Risk Survey Report 2016, organisations are developing a keener awareness of cyber security risks, with 83.8% of respondents claiming to have a basic-to-complete understanding of the threats posed to their business. In the 2015 version of the report, this figure stood at 60.8%.
The report cites the rise in attacks against high-profile organisations in the UK as playing a key role in increasing awareness of cyber risks, along with education efforts by private and public sector organisations.
Furthermore, 29% of respondents claim to have bought, or to be in the process of acquiring, cyber insurance cover, while 26% are said to be seeking quotations for cyber insurance.
Despite this, many organisations still appear to be in the dark about the financial toll a serious cyber incident could have on their business, the report suggests.
Just over 40% of organisations claim to have suffered a cyber attack in the past 12 months, while 15.4% said they had insufficient knowledge to confirm or deny they had been victim to hackers during this period.
Meanwhile, since the 2015 report, the percentage of organisations that have carried out a financial impact study into the cost of a cyber attack against their business has fallen from 39.9% to 35.4%.
“This may suggest that, despite it being made clear that an increasing number of UK organisations are identifying the risk, they still have some way to go in terms of applying basic risk management techniques, such as impact measurement and qualification of potential losses,” the report says.
“A financial impact analysis is the next step for these organisations and one that is necessary to put them in a strong position to eventually mitigate or transfer the risk.”
The report was created to provide an overview of organisations’ attitudes towards cyber security and how they manage the associated risks. It is based on feedback from risk and finance professionals at a mix of medium-to-large sized organisations.
The report also highlights other areas where an organisation’s cyber security knowledge could be considered lacking, based on the finding that just 26% of respondents said they assess the cyber risks associated with doing business with third-party supply chain partners.
On the flipside, 35% of participants said they had been asked by their bank or their customers to prove their cyber security credentials in order to do business with them.
Mark Weil, CEO of insurance broker Marsh UK & Ireland, said the study results demonstrate organisations still have some way to go to improve their security posture.
“This increase in board-level ownership and control suggests that the recent series of high-profile cyber incidents has resulted in UK organisations recognising that cyber threats are serious,” he said.
“We also welcome the growing take-up of cyber insurance as a way for boards to verify in the risk market that their security measures are effective. The gaps in assessing supplier risk and quantifying the scale of cyber threat suggest that there is still plenty to do.”