An increase in the number of cyberattacks and
growing awareness of the threat have made cybersecurity a key boardroom-level
agenda item.
This is according to a new study from Marsh, which
stated that there has been a discernable increase in the understanding of
cyberthreats among board members.
Its paper, titled UK Cyber Risk Survey Report: 2016, revealed that 71.8% of respondents
have now included cyberthreats in their top-five or top-10 corporate risk
registers. Last year the figure was 45.8%.
There were other positive developments. Marsh also
found that 83% of respondents now have “a basic or complete understanding of
their company’s exposure to cyber risk”. In 2015 this was 60.8%.
“Increasing awareness is just part of the task
facing UK organizations, however, and there is still a great deal of work to be
done to improve understanding and management of cyber risk,” the authors of the
paper commented.
“While it is encouraging that, today, 30.3% of UK
businesses have board-level oversight of cyber risk – a 56% rise on the figure
from 12 months ago – IT departments continue to take primary responsibility for
the review and management of cyber risks in more than half (55.7%) of
organizations.”
Marsh added that it was particularly concerned by
the fact that 64.6% of UK enterprises have yet to look into the possible
financial implications of a cyberattack.
This paper comes on the back of a similar collaborative study from BT and KPMG, which suggested that
businesses need to be aware of the “industrialization of cybercrime”.
“With cybercrime continuing to escalate, a new
approach to digital risk is needed – and that means putting yourself in the
shoes of attackers,” Mark Hughes, CEO of BT Security, commented in July.
“Businesses need to not only defend against
cyberattacks, but also disrupt the criminal organizations that launch those
attacks.”