Only 2% of business are properly insuring for Cyber Risks
That is the shocking conclusion from the panel session held at the recent CBI Cyber Security Conference.
The panel session was chaired by Matthew Fell, Policy Director, CBI and included Giles Smith, Deputy Director Cyber Security and Resilence from DCMS and Steven Wares, Head of Cyber Practice, EMEA, Marsh. London, June 2015.
Despite the attention on Cyber Risk over the past few years it is clear there is much more that needs done if business is to start balancing the risk faced. While progress is being made, it still seems as though there is still reluctance by many to see cyber as a real risk to the business.
Risk managers often find it difficult to connect or understand the subject and many IT professionals continue to see the issues raised as principally an IT issue with few are actively engaging with their risk teams to build a balanced approach. With most organizations now dependent on technology a cyber issue can cripple operations or expose the organization to liabilities from regulators and other stake holders.
Even by applying good basic measures, such as the governments Cyber Essentials Scheme, firms may find they lack the resources to respond and cope with an incident when the expertise and time needed comes with quite a price!
A well structured approach to prevent and mitigate the threat from Cyber, combined with a well thought through Insurance policy, can dramatically change outcomes and help deliver not only an enhanced capability, but also help build competitive advantage. If you'd like to know more about how you can build an effective approach to Cyber Risk Management check out the CRIF Framework on our resources pages.
You might also like ...
In March 2013, the UK Department for Business, Innovation and Skills issued a “Call for Views and Evidence” that built on the commitments made in the 2011 Cyber Security Strategy published by government.
The Call for Evidence focused on the intention of government to encourage the adoption of industry led standards that can be used by organisations to improve the management of cyber risk.