How organizations view and manage cyber risk - Help Net Security

How organizations view and manage cyber risk - Help Net Security

Amid a wider range of issues to handle, a majority of board members and senior executives responsible for their organization’s cyber risk management had less than a day in the last year to spend focused on cyber risk issues, the 2019 Marsh Microsoft Global Cyber Risk Perception Survey results have revealed.



This lack of time for senior leaders to focus on cyber risk comes as concern over cyber threats hits an all-time high, and as confidence in an organization’s ability to manage cyber threats has declined.


Strategic cyber risk management remains a challenge


Marsh polled 1,500 business leaders from all over the world and from companies in a wide variety of industry sectors and correlated the results with a related survey conducted in 2017.


According to this year’s survey, nearly 80% of organizations now rank cyber risk as a top-five concern, compared to 62% in 2017. Only 11%, however, expressed a high degree of confidence in their ability to assess cyber threats, prevent cyber-attacks, and respond effectively. This is down from 19% in 2017.


For many organizations, strategic cyber risk management remains a challenge. For example, while nearly two-thirds (65%) of organizations surveyed identified a senior executive or the board as a main owner of cyber risk management, only 17% of c-suite executives and board members said they spent more than a few days in the past year focusing on the issue. 51% spent several hours or less.


Likewise, 88% of respondents identified their information technology and information security functions as primary owners of cyber risk management, yet 30% of IT respondents said they spent only a few days or less over the last year organizations manage cyber security