Cyber remains a top concern, but business leaders may be overconfident about their resilience against the threat, according to new research from Beazley.

Cyber was chosen as the No. 1 technology risk for 28 percent of UK and U.S. respondents in Beazley’s 2022 risk and resilience study, but this is a noticeable decrease from 34 percent in 2021. Meanwhile, 41 percent of UK and U.S. business leaders said they feel “very prepared” to meet the cyber threat, down slightly from 44 percent in 2021.

“We are detecting signs that business leaders may have become a little complacent—even overconfident—about the cyber and technology risks faced by their businesses. Perhaps because of the overwhelming challenge that the current geopolitical environment poses today, they may be being blinded to the threat that cyber and technology risk may deliver tomorrow,” said Patricia Kocsondy, head of U.S. cyber and technology, Beazley.

Among the study’s findings:

  • Technology obsolescence is the No. 1 risk for 27 percent of UK and U.S. business leaders, displacing disruption in the ranking. At the same time, perceived resilience has also dropped, possibly as companies struggle with the cost and effort of updating or replacing legacy systems.
  • Intellectual property (IP) is still lowest on the list of concerns, but risk perception has dramatically increased, up 107 percent from last year, with 21 percent of respondents citing it as a top concern. IP disputes have become more frequent, so-called “cyber-squatting” has surged, and there has been an alarming growth in the number of filings by “patent trolls,” with U.S. businesses in particular alert to the risk of IP theft from companies in China.
  • While perceived resilience to cyber and technology risks generally remains relatively high, with 31 percent of UK firms and 43 percent of U.S. firms feeling “very prepared” across all four risks within this risk category, resilience perception has dropped across the board, down 9 percent on average.
  • Insurers are becoming more selective about which cyber risks they write. Cyber insureds need to do more than simply tick the box when it comes to cyber resilience and risk management, as they seek to protect intangible assets and ensure business continuity.

“It can be easy for companies who’ve never experienced a cyber attack to underestimate their level of preparedness… but the fact of the matter is that cyber risk isn’t going away and companies are more dependent on technology than they’ve ever been in the past,” said Kocsondy.