Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

9/18/2019
12:00 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Business Leaders Have Less Than One Day Each Year to Focus on Cyberrisk: Marsh, Microsoft

The survey highlights a gap between companies' concern and approach to cyberthreats.

New York, September 18, 2019 – Amid a wider range of issues to handle, a majority of board members and senior executives responsible for their organization’s cyber risk management had less than a day in the last year to spend focused on cyber risk issues. The findings form part of a new report published today by Marsh, the world’s leading insurance broker and risk adviser, and Microsoft Corp., the leading platform and productivity company for the mobile-first, cloud-first world.

This lack of time for senior leaders to focus on cyber risk comes as concern over cyber threats hits an all-time high, and as confidence in an organization’s ability to manage cyber threats has declined, the 2019 Marsh Microsoft Global Cyber Risk Perception Survey found. The global survey of 1,500 organizations details the current state of cyber risk perceptions and risk management, building on a related survey conducted in 2017.

According to this year’s survey, nearly 80% of organizations now rank cyber risk as a top-five concern, compared to 62% in 2017. Only 11%, however, expressed a high degree of confidence in their ability to assess cyber threats, prevent cyber-attacks, and respond effectively. This is down from 19% in 2017.

For many organizations, strategic cyber risk management remains a challenge. For example, while nearly two-thirds (65%) of organizations surveyed identified a senior executive or the board as a main owner of cyber risk management, only 17% of c-suite executives and board members said they spent more than a few days in the past year focusing on the issue. More than half, 51%, spent several hours or less.

Likewise, 88% of respondents identified their information technology and information security functions as primary owners of cyber risk management, yet 30% of IT respondents said they spent only a few days or less over the last year focusing on cyber risk.

At the same time, organizations continue to embrace new technologies but are uncertain about the risks they bring. Three-quarters (77%) of respondents said they are adopting or have adopted cloud computing, robotics, or artificial intelligence, yet only 36% say they evaluate cyber risk both before and after adoption; 11% don’t evaluate the risk at all.

“We are well into the age of cyber risk awareness, yet too many organizations still struggle with creating a strong cybersecurity culture with appropriate levels for governance, prioritization, management focus, and ownership,” said Kevin Richards, Global Head of Cyber Risk Consulting, Marsh. “This places them at a disadvantage both in building cyber resilience and in confronting the increasing complex cyber landscape.”

“In the era of transformational technology and more interconnected supply chains, the cyber risk management practices and mindsets of yesterday no longer suffice and may actually inhibit innovation,” said Joram Borenstein, General Manager, Cybersecurity Solutions Group at Microsoft. “It is incumbent upon senior leaders to focus on these issues for the welfare of their organizations, their customers, their employees, and beyond.”

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/28/2020
The Problem with Artificial Intelligence in Security
Dr. Leila Powell, Lead Security Data Scientist, Panaseer,  5/26/2020
GDPR Enforcement Loosens Amid Pandemic
Seth Rosenblatt, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4248
PUBLISHED: 2020-05-28
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175484.
CVE-2020-8329
PUBLISHED: 2020-05-28
A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, causing an error to be displayed and preventing printer from functioning until the printer is rebooted...
CVE-2020-8330
PUBLISHED: 2020-05-28
A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, preventing subsequent print jobs until the printer is rebooted.
CVE-2020-4231
PUBLISHED: 2020-05-28
IBM Security Identity Governance and Intelligence 5.2.6 could allow an authenticated user to perform unauthorized commands due to hazardous input validation. IBM X-Force ID: 175335.
CVE-2020-4232
PUBLISHED: 2020-05-28
IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernames to find valid login credentials which could be used to attempt further attacks against the system. IBM X-Force ID: 175336.