Response to Cyber Threats Found Lacking

Businesses are alert to threat of hacker attacks but can "do a lot better" to counter them, survey of risk managers says.
Matthew HellerJune 8, 2015

Almost 70% of U.S. businesses experienced at least one hacking incident in the last year, but more than half of risk managers believe their company is not doing enough to combat cyber threats, according to a new survey.

In a poll conducted at the Risk and Insurance Management Society (RIMS) conference in April, The Hartford Steam Boiler Inspection and Insurance Company (HSB) found that risk managers viewed loss of confidentiality of information as the biggest cyber risk (76%), followed by service interruption (16%) and government intrusion (5%).

Concerns about the type of information being breached ranged from personally identifiable information (53%) to sensitive corporate information (33%) to financial information (14%).

Drive Business Strategy and Growth

Drive Business Strategy and Growth

Learn how NetSuite Financial Management allows you to quickly and easily model what-if scenarios and generate reports.

When asked about the type of risk management services they would be most interested in deploying to combat cyber risk, risk managers pointed to intrusion detection/penetration testing (32%), employee education programs (25%), and encryption (25%).

“Hackers have evolved and so have their methods of attack,” said Eric Cernak, Cyber Practice Leader for HSB’s parent company Munich Re, in a news release. “Businesses are on high alert, but they can do a lot better. Simply reacting to new threats is not enough. Businesses of all sizes need to anticipate hacking trends and deploy the resources necessary to protect their private or sensitive information.”

For additional protection, 46% of respondents said their business had either purchased cyber insurance for the first time or increased its level of coverage in the last year. Thirty-six percent of businesses do not have any level of cyber insurance coverage.

In a new survey of its members, RIMS found that only 51% purchased stand-alone cyber insurance policies and 58% carried less than $20 million in cyber coverage. Seventy-four percent of those without coverage said they were considering purchasing it in the next 12 to 24 months.

About 28% of RIMS members said their organization will spend less than $100,000 on cyber security this year, while about 25% said spending would exceed $1 million.