The State of Cyber Resilience: no progress in executive confidence

Almost three years of unrelenting workplace disruption, digital transformation, and ransomware attacks mean that most organizational leaders are no more confident in their ability to manage cyber risk than they were two years ago. This is according to a new report published by Marsh and Microsoft.

The report, ‘The State of Cyber Resilience’, questioned over 660 cyber risk decision makers globally and analyses how cyber risk is viewed by various functions and executives in leading organizations, including cyber security and IT, risk management and insurance, finance, and executive leadership.

According to the report, leadership confidence in their organization’s core cyber risk management capabilities – including the ability to understand/assess cyber threats, mitigate/prevent cyber attacks, and manage/respond to cyber attacks – is largely unchanged since 2019, when 19.7 percent of respondents stated they were highly confident, compared to 19 percent in 2022.

“Given the continued rise of ransomware and the current tumultuous threat landscape, it is not surprising that many organizations do not feel any more confident in their ability to respond to cyber risks now than they were in 2019,” said Sarah Stephens, Head of Cyber, International, Marsh.

Further, many organizations are still struggling to understand the risks posed by their vendors and digital supply chains as part of their cyber security strategies. Only 43 percent of respondents stated that they have conducted a risk assessment of their vendors or supply chains.

Other key findings of the report include:

  • Only 41 percent of organizations look beyond cyber security and insurance to engage their legal, corporate planning, finance, operations or supply chain management functions in making cyber risk plans.
  • Nearly four in ten respondents (38 percent) said their organization uses quantitative methods to measure their cyber risk exposure, which is a critical step in understanding how cyberattacks and other events can create volatility. This is an improvement from the 2019 survey, when three in ten respondents (30 percent) stated that their organization uses quantitative methods.

Tom Reagan, Cyber Risk Practice Leader, US & Canada, Marsh, added: “Cyber risks are pervasive across most organizations. Successfully countering cyber threats needs to be an enterprise-wide goal, aimed at building cyber resilience across the firm, rather than singular investments in incident prevention or cyber defense. Greater cross-enterprise communication can help organizations bridge the gaps that currently exist, boost confidence, and better inform overall strategic decision making around cyber threats.”
