Despite mounting concerns about the consequences of a cyber attack on their customers and reputations, many leading European organisations are still taking an immature approach to cyber risk and have yet to fully embed cyber threats into their risk management strategies as a result.
According to the findings of Marsh's 2013 Cyber Risk Survey, conducted at the firm's annual Digital Threats conference, 71% of respondents said that their concerns around cyber risk have increased in the last 12 months. Further, 54% stated that their organisation had recently been subjected to a cyber attack.
While 17% of respondents believe that the financial impact of a cyber attack could potentially cost their organisation in excess of $5m, 22% admitted that their organisation had not conducted a dedicated cyber risk financial impact assessment. On their organisations' perceived existing cyber risk maturity level, only 23% believed that management of cyber risk is fully embedded and optimised within their firms.
Stephen Wares, EMEA Cyber Risk Leader at Marsh, commented: "The spectre of a cyber attack evidently looms large among the risks that risk managers believe could threaten the continued success of their organisations. Despite this, it would seem that in the majority of firms, cyber risk is still largely misunderstood and many struggle to implement a clear strategy to tackle it effectively."
Marsh's survey also found that only 12% of respondents stated that their organisation currently purchased cyber insurance cover, despite 76% stating that they were familiar with the products available.
Mr Wares added: "The fact that so few respondents buy cyber insurance, despite high product awareness, is a clear indication that the insurance industry has more work to do in educating clients and developing cover that will adequately respond to their needs."