An increase in the number of cyberattacks and growing awareness of the threat have made cybersecurity a key boardroom-level agenda item.
Previous research showed that just 1 in 7 security chiefs report to the CEO, but according to a new study from Marsh, there has been a discernible increase in the understanding of cyberthreats among board members.
In its paper, titled UK Cyber Risk Survey Report: 2016, Marsh revealed that 71.8% of respondents have now included cyberthreats in their top-five or top-10 corporate risk registers. Last year the figure was 45.8%.
There were other positive developments. Marsh also found that 83% of respondents now have “a basic or complete understanding of their company’s exposure to cyber risk”. In 2015 this was 60.8%.
“Increasing awareness is just part of the task facing UK organizations, however, and there is still a great deal of work to be done to improve understanding and management of cyber risk,” the authors of the paper commented.
“While it is encouraging that, today, 30.3% of UK businesses have board-level oversight of cyber risk – a 56% rise on the figure from 12 months ago – IT departments continue to take primary responsibility for the review and management of cyber risks in more than half (55.7%) of organizations.”
Marsh added that it was particularly concerned by the fact that 64.6% of UK enterprises have yet to look into the possible financial implications of a cyberattack.
This paper comes on the back of a similar collaborative study from BT and KPMG, which suggested that businesses need to be aware of the “industrialization of cybercrime”.
“With cybercrime continuing to escalate, a new approach to digital risk is needed – and that means putting yourself in the shoes of attackers,” Mark Hughes, CEO of BT Security, commented in July.
“Businesses need to not only defend against cyberattacks, but also disrupt the criminal organizations that launch those attacks.”
by Narinder Purba, ESET We Live Security