Risk-management professionals perceive executives and boards of directors as less concerned about cybersecurity risk this year than last, according to a survey of risk professionals by the Zurich Insurance Group Ltd. and Advisen Ltd.
The survey found 62% of risk professionals believe their boards of directors view cyber risk as a significant threat to their organizations, compared to 83% the prior year. Also, 60% of the 315 risk professionals polled said executive management views cyber risk as a significant threat compared to 85% in 2016.
“This could indicate board members have become more comfortable in their understanding of cyber exposures,” the Security and Cyber Risk Management survey report said. “Or, it could mean risk professionals are not up-to-date on the evolving nature of cyber risk and the possible magnitude of the losses.”
Just 53% of respondents knew of changes or upgrades made following well-known attacks in early 2017. “This could indicate that risk professionals are either less educated about the exposures, have concluded these exposures are less significant to their business, or are confident (or overconfident) in their cybersecurity controls,” said the survey report. “Or the reason could be that risk professionals are not fully aware that the nature of the cyber risk has been evolving beyond data security and toward interconnected risks, including business interruption due to malware and ransomware attacks.”
– Nicholas Stern, managing editor