BreachExchange mailing list archives

The role of insurance in managing and mitigating the risk


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 25 Mar 2015 19:30:06 -0600

http://www.mynewsdesk.com/uk/the-business-continuity-institute/news/the-role-of-insurance-in-managing-and-mitigating-the-risk-110572

With 81% of large UK businesses and 60% of small companies suffering a
cyber security breach in the last year, a new report published by the UK
Government and Marsh entitled "UK Cyber Security: The Role of Insurance in
Managing and Mitigating the Risk" has highlighted the exposure of firms to
cyber attacks among their suppliers.

Cyber threats are estimated to cost the UK economy billions of pounds each
year with the cost of cyber attacks nearly doubling between 2013 and 2014.
The report found that, while larger firms have taken some action to make
themselves more cyber-secure, they face an escalating threat as they become
more reliant on online distribution channels and as attackers grow more
sophisticated. The report issues a call to arms for insurers and insurance
brokers to simplify and raise awareness of their cyber insurance offering
and ensure that firms understand the extent of their coverage against cyber
attack.

The cyber threat is also very real for business continuity professionals
with the Business Continuity Institute’s latest Horizon Scan report
highlighting that cyber attacks are now perceived to be the number one
threat to organizations. 82% of respondents to a survey expressed either
concern or extreme concern at the prospect of this threat materialising.

The report recommends that organizations stop viewing cyber largely as an
IT issue and focus on it as a key commercial risk affecting all parts of
their operations, and that they examine the different forms of cyber
attacks they face, to stress-test themselves against them and to put in
place business-wide recovery plans.

The report also notes a significant gap in awareness around the use of
insurance with around half of firms interviewed being unaware that
insurance was available for cyber risk. Other surveys suggest that despite
the growing concern among UK companies about the threat of cyber attacks,
less than 10% of UK companies have cyber insurance protection even though
52% of CEOs believe that their companies have some form of coverage in
place.

Francis Maude, Minister for the Cabinet Office and Paymaster General, said:
“Insurance is not a substitute for good cyber security but is an important
addition to a company’s overall risk management. Insurers can help guide
and incentivise significant improvements in cyber security practice across
industry by asking the right questions of their customers on how they
handle cyber threats”.

Mark Weil, CEO of Marsh UK and Ireland, added: “While critical
infrastructure in regulated sectors, such as banks and utility firms, are
used to this kind of risk, most firms are not and their risk management
practices are geared around lower-level, slower moving risks. Companies
will need to upgrade their risk management substantially to cope with the
growing threat of cyber attack, including introducing disciplines such as
stress-testing, and creating a joined-up recovery plan that brings together
financial, operational, and reputational responses.”
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
