Only 19% of organizations have purchased insurance specifically designed to cover cyber risk, according to a survey released Monday by Zurich Insurance Co. Ltd.
Conducted by the Harvard Business Review Analytic Services, the survey of 152 private sector and public sector organizations found that while 76% of respondents expressed concerned about information security and privacy over the past three years, relatively few are taking concrete actions.
The survey found that only 16% of companies have designated a chief information security officer to oversee cyber risk and just 44% have increased their budget to address the issue.
Steve Wilson, chief risk officer for general insurance, Zurich Insurance Group, said the scope of the challenge of protecting data challenges businesses and governments.
“As well as regulatory responsibilities to protect proprietary information, organizations have a duty of care to ensure their measures are robust,” Mr. Wilson said in a statement. “Furthermore, companies are exposed to the risk of a significant decline in stock price compared with industry peers following a cyber security breach as a result of the negative reputation impact.”
Assessing individual risk, respondents viewed malware and viruses as the top concern, followed by administrative errors or mistakes by employees and incidents caused by third-party data suppliers as the chief causes for concern.
“Cyber risk comes in a bewildering variety of forms for organizations and we hope this research will provide risk managers with important insights into this critical issue,” Mr. Wilson said. “As the survey shows, it is essential that organizations do not fall into the trap of a top-down approach, taking a holistic approach which engages all employees to meeting this challenge.”