Please note that this is a page from a previous version of Continuity Central and is no longer being updated.


Many companies do not give sufficient attention to cyber risks

Many companies still do not devote sufficient attention to cyber risks, despite an increase in their frequency, scope, and sophistication, and despite harsher penalties for lack of regulatory compliance and loss of sensitive data. This finding comes from research conducted in association with the Federation of European Risk Management Associations (FERMA) by Harvard Business Review Analytic Services, corporate insurer Zurich and the public sector risk management organisation PRIMO.

FERMA board member Julia Graham, who led FERMA’s participation in the project, said: “Too often I have seen well embedded principles and practices associated with risk management and risk financing discarded when the subjects of information security and specifically cyber security are considered.”

More than three-quarters (76 percent) of survey respondents said that information security and privacy had become more significant areas of concern in the past three years. A majority also indicated that board involvement is growing in their organization.

Only 16 percent of companies covered in the survey have designated a chief information security officer to oversee cyber risk and privacy, and less than half (49 percent) agree they have a strategy for communication to the general public in case of a cyber risk incident.

Just 19 percent of respondents have purchased security and privacy insurance specifically designed to cover exposures associated with information security and privacy issues, and only 44 percent said their company’s budget for these risks has grown.

The sheer number of ways in which data can be lost, stolen, or misappropriated illustrates the prevalence of the threat. Respondents highlighted the following threats to information security and confidentiality:

  • malware and other viruses
  • administrative errors
  • incidents caused by data providers
  • malicious employee activity
  • attacks on web applications
  • theft or loss of mobile devices
  • internal hackers.

Regulation and compliance concerns appear to be driving much of organizations’ planning around cyber risk. Survey respondents most frequently placed business income loss and the cost of restoring crucial proprietary electronic information among their top five concerns. The next three concerns all related to legal liability:

  • Legal defence and settlement costs from third party claims
  • Costs of regulatory settlements
  • Costs of defending regulatory investigations.

Access the full report, Meeting the Cyber Risk Challenge.

• Date: 31st Jan 2013 • UK/Europe • Type: Article • Topic: ISM
