Are Corporate Leaders Ignoring Cyberrisk Lessons?

Hilary Tuttle


December 1, 2017

cyber risk management

Despite another record year for cybercrime and headline-making cyberattacks, recognition of the risk may be waning among corporate leaders, according to Zurich and Advisen’s annual Information Security and Cyberrisk Management survey.

While 85% of risk professionals surveyed in 2016 said executive management views cyberrisk as a significant threat to the organization, only 60% said the same this year. They reported a similar decline among board members, from 83% to 62%.

High-profile attacks, including the crippling spread of WannaCry ransomware in May, demonstrated the widespread vulnerability and potential disruption of operations among businesses worldwide, but only 22% rated business continuity as “high risk.” What’s more, only 53% of respondents knew of any changes to their company’s cybersecurity systems in response to these attacks and just 10% identified business interruption as the primary motivation for purchasing cyber insurance.

Cyber insurance take-up rates also slowed in 2017, after increasing from 35% to 65% between 2011 and 2017.

Hilary Tuttle is managing editor of Risk Management.