Almost half of organisations only have a basic understanding of exposure to cyber risk, according to Marsh.
Marsh’s European 2015 Cyber Survey found that organisations across Europe are growing increasingly concerned about the likelihood and impact of cyber attacks, but only 49 percent have a basic understanding of exposure, while 26 percent have a limited understanding and 4 percent have no understanding.
Only 21 percent of organisations have a complete understanding, according to Marsh’s survey. The figures put organisations in a poor position to prioritise their risk mitigation efforts and risk transfer strategies, according to Marsh.
The survey also revealed that 25 percent of organisations do not consider cyber risk to be material enough to even get on the risk register, while 30 percent place the risk outside of the top 10.
These organisations should undertake a re-evaluation of cyber risk, to understand how exactly it poses a threat to them and their operations, according to Marsh.
Marsh added that it is reasonable to assume that, because cyber risk is low down on, or completely absent from, these organisations’ risk registers, it is not going to receive the level of investigation required to map and quantify the risk to the business.
This will restrict efforts to mitigate the threat posed by cyber risk. It will make ascertaining the value, and therefore suitability, of available risk transfer options all the more problematic, said Marsh.
