Cyber risk rises to top of corporate agenda: Marsh survey
- Published: Tuesday, 17 October 2017 12:50
Cyber risk has been elevated to the top of the corporate agenda for organizations doing business in Europe according to a survey conducted by Marsh. The European Union’s General Data Protection Regulation (GDPR), which takes effect in May 2018, is one of the key drivers of this rise. In the global survey of over 1,300 senior executives, 65 percent of respondents whose organizations offer products or services in the EU said that they now consider cyber as a top risk. In a similar survey Marsh conducted in Continental Europe last year, only 32 percent of responding organizations rated cyber as a top-five risk.
“The imminent implementation of the GDPR is spurring firms to take a fresh look at their cyber risk, not just their privacy protocols,” said John Drzik, President of Global Risk & Digital at Marsh. “This survey indicates that the most prepared firms are using GDPR as a catalyst to enhance their cyber risk management, including a more economic evaluation of their risks and an increased focus on building resilience in the face of an inevitable cyber incident.”
Organizations responded that they intend to spend more on cyber risk management. Of those respondents whose organizations have plans for GDPR implementation, 78 percent said they would increase spending on addressing cyber risk over the next 12 months, including spending on cyber insurance. Notably, 52 percent of those who do not have a plan for GDPR indicated that their investment in cyber risk management would increase.
GDPR readiness will require additional attention in the immediate future. Just 8 percent of respondents at GDPR-affected organizations asserted that their firms were fully compliant; 57 percent of respondents indicated that their organizations were developing compliance plans; and 11 percent said they had yet to start. Smaller organizations were more likely not to have a plan for GDPR, with 19 percent of respondents from businesses with less than $50m annual revenue replying that no plan was in place.www.marsh.com