Harvard Business Review highlights the Cyber Risk Challenge
A report from Harvard Business Review Analytic Services, sponsored by Zurich Insurance Group and FERMA, highlights the challenge businesses face in securing data and meeting the increasing demands of laws, regulations and stakeholders.
More than 75% of participants said information security and privacy are now more significant concerns than three years ago.
The sheer number of ways in which data can be lost, stolen, or misappropriated illustrates the prevalence of the threat. More than one in four survey respondents mentioned each of the following as being among the most serious information security concerns for their organizations: malware and other viruses (72.4 percent), administrative errors (48 percent), incidents caused by data providers (34.2 percent), malicious employee activity (30.9 percent), attacks on Web applications (30.3 percent), theft or loss of mobile devices (28.3 percent), and internal hackers (25.7 percent).
Awareness and attention to cyber risk may not be penetrating fast enough to all levels of the organization to keep the risk of such events under control. Only 36.3 percent of survey respondents said their organization conducts information security and risk training at the enterprise level for all employees, and less than half said it occurs either annually or biannually. The lag was even more pronounced in the public sector, where only 9 percent of respondents said their organization was providing training at the enterprise level and only one in three were doing so annually or biannually.
The report also stresses the need for a complete approach connecting stakeholders, processes and the protection available with cyber risk insurance. Jerome Gossé, financial lines underwriter at Zurich Global Corporate, said: “Insurance is the last step in the process of addressing cyber risks - it's the last line of defense after organizational and technological processes and tools are in place.”
The problem, Gossé noted, is that traditional policies, like commercial general liability insurance, do not cover these risks and generally cannot be extended to do so.