by James Middleton
More than half of business risk managers in Canada feel that their company is not dedicating enough resources, in terms of both money and people, to cyber security.
A poll of 102 risk management professionals at the Risk and Insurance Management Society Conference Canada (RIMS Canada) in Quebec City in September revealed that 55% did not feel their company was dedicating enough resources to cyber security, while a further 5% said “don't know”.
The survey, carried out by the Boiler Inspection and Insurance Company of Canada (HSB BI&I), part of
Munich Re, also found that 42% of those polled do not have cyber insurance coverage, leaving them open to significant financial risks.
Yet worryingly, only 31% said they had not experienced any hacking scares or incidents in the last year. A total of 18% said they had experienced more than 15 such events. It should also be noted that the caveat for this question is security incidents the company is actually aware of – figures from PwC Canada in 2014 suggest that as much as 71% of security breaches go undetected. In this context, the Munich Re numbers could be considered conservative.
The 'just because you can't see it doesn't mean it's not happening' issue is hinted at by Derrick Hughes, vice president for HSB BI&I, who said: “With the prevalence of cyber attacks in Canada, there is a clear discrepancy among risk managers’ perceptions and the level of exposure their companies face from hacking activity. Hackers have evolved and so have the risks. Businesses must do more to protect their sensitive information and manage any data breaches.”
