Only 11% of firms have cyber policies: Marsh
Only 11 percent of UK firms currently have cyber policies in place, according to a cyber risk survey report by Marsh.
The majority (52.8 percent) of firms surveyed have or are seeking to buy cyber insurance in the next 12 months while the percentage of firms that have experienced a cyber attack in the past 12 months has risen to 40.3 percent.
“However, compared with other statistics (HM Government’s 2015 Information Security Breaches Survey states that 90 percent of large organisations and 74 percent of small organisations have suffered a security breach), this figure is still low, indicating that many of the respondents to this year’s survey are either particularly fortunate or (more likely) unaware of breach events within their firms,” said the report.
In addition, all of the respondents in the communications, media, and technology and energy industries reported that they had been subject to a cyber attack in the past 12 months. This most likely reveals a more enlightened position of those organisations rather than any high level of vulnerability.
Marsh believes that there is a lot of work that needs to be done by UK firms to improve their understanding and management of cyber risk. This includes assessing their customers and trading partners for cyber risk.
The survey found that nearly 70 percent of respondents from large and medium-sized corporations across the UK do not assess the suppliers and/or customers they trade with for cyber risk.
More than half of respondents (51.4 percent) stated that their organisation has not been asked to demonstrate a competent standard of their IT security practices to their bank and/or customers, in order to do business with them.
Stephen Wares, Marsh’s cyber risk practice leader, Europe, the Middle East and Africa (EMEA), said: “If organisations are to reduce the threats arising from cyber attacks, more work needs to be done to consider cyber security as a business issue, as opposed to a technical problem.
“This is especially true for larger organisations, which attract highly motivated and sophisticated hackers that might identify smaller business partners that are typically less well protected as the ‘back-door’ into their IT systems.”
