Cybersecurity enters the boardroom as threat evolves - Marsh report

Cybersecurity enters the boardroom as threat evolves - Marsh report | Insurance Business

Cybersecurity enters the boardroom as threat evolves - Marsh report

The rise in cyber attacks is forcing companies to rethink their approach to risk management, according to a new report from Marsh & McLennan Companies’ Global Risk Centre and education and development organization WomenCorporateDirectors (WCD).

“With increasing threats of attack on their data and systems, boards are demanding much more information about their organizations’ risks and how well they are covered against loss and breaches,” said Susan C. Keating, CEO of WCD.

For the study, Cyber Risk Management Response and Recovery, Marsh & McLennan’s Global Risk Centre interviewed WCD corporate directors to find how their companies were addressing cyber threats and the use of cyber insurance.

“As the global regulatory landscape becomes more complex, cybersecurity is gaining increased board-level attention,” said Elisabeth Case, US cyber advisory leader for Marsh, a subsidiary of Marsh & McLennan Companies. “Boards are definitely stepping up their oversight.”

However, the report found that company leaders are still worried about factors they believe put their organizations at greater risk, the study found. Those factors include:

  • Director-level cyber experts are rare: Few company directors grew up in the digital age, and boards are finding themselves playing catch-up as technology and risk evolves
  • Lack of benchmarking on security practices: Companies aren’t sure how their policies and procedures stack up against those of their peers.
  • Unknown risks around third-party providers: One third of organizations don’t assess the cyber risk of their vendors
  • Inadequate transparency: Management often downplays risk, leaving directors unsure of how to best support mitigation efforts.

“Cyber risk is just one of the areas in which boards have to ‘see around corners’ to anticipate what is coming next as far as threats for their companies,” Keating added. “With the increasingly complex nature of the risks ahead, sharing our best practices and hard-won experiences and insights is the best way to improve governance around these incredibly challenging areas.”

 

Related stories: