A majority of businesses admit that they experienced at least one cyber attack in the last year; companies also increasingly see these risks as a major threat to their operations. Faced with these challenges, boards and executives are fighting back in increasing numbers, according to three new studies.
Here are the three studies and their respective major findings:
Hartford Steam Boiler
Nearly 70 percent of businesses say they’ve experienced one or more hacking events in the last year, but 55 percent aren’t confident that they’re dedicating enough dollars or personnel to fight the evolving problem, according to a study of risk managers from technology and data security insurer Hartford Steam Boiler. The study was conducted at the Risk and Insurance Management Society Conference (RIMS) in New Orleans on April 27, 2015.
As well, 46 percent of respondents say their business either purchased cyber insurance for the first time or increased their level of coverage in the last year. But 36 percent of businesses don’t have any level of coverage. Of note: 32 percent said they’re most interested in using intrusion detection/penetration testing to fight cyber risks. About 25 percent say they want to use employee education programs, and 25 percent chose encryption.
This study involved large, mid-sized and small companies, though 63 percent were large enterprises. Industries reflected in the study include manufacturing/industrial, retail, financial services, government/military, medical/healthcare and education.
Marsh/Disaster Recovery Institute International
Businesses consider cyber and IT-related risks the most likely to happen and to have the largest impact on their operations, according to Marsh and the Disaster Recovery Institute International’s “2015 International Business Resiliency Survey.” The survey elicited responses from nearly 200 C-level executives, risk professionals and business continuity managers from large and medium-sized corporations around the world.
79 percent of respondents said that reputational damage from a sensitive data breach was most likely and would have the biggest impact. About 58 percent said that online services being unavailable because of a cyber attack would have the biggest impact, and 77 percent said that such an incident was most likely.
At the same time, CEOs may overestimate the levels of protections they have for these likely and high-impact risks. Consider: 28 percent said they have dedicated insurance coverage against cyber attacks, and 21 percent said they have dedicated insurance coverage for reputational damage after a data breach.
Georgia Tech Information Security Center
A new global study from the Georgia Tech Information Security Center (supported by Forbes, the Financial Services Roundtable and Palo Alto Networks) offers some hope in the ongoing challenges businesses face in responding to cyber threats.
In their poll of board directors and executives from Forbes Global 2000 companies, they found that 63 percent of respondents are actively addressing computer and information security. That’s up from just 33 percent in 2012.
They also found that 53 percent of boards established a risk committee – separate from the audit committee – to handle cyber risk issues. This compares to 8 percent in 2008.
Also, 48 percent of respondents said their boards are focusing on cyber insurance, up from 28 percent in 2012. As well, 59 percent of respondents said their board had a director with risk expertise, with 23 percent saying they had one with cyber security expertise.
Sources: Hartford Steam Boiler, Marsh, Disaster Recovery Institute International, Georgia Tech Information Security Center