Cyber risk is now at the forefront of the corporate risk agenda, but cyber risk management strategies are not keeping pace despite an increasingly complex threat environment and escalating potential financial impact, a recent survey says.

The survey undertaken by MARSH in partnership with MICROSOFT examines cyber risk concerns and management strategies by organizations of all sizes in a range of industries worldwide, computing the opinions expressed by more than 1,300 executives.

Two-thirds of survey respondents ranked cybersecurity as a top five risk management priority, but only 19% expressed high confidence in their organization's ability to manage and respond to a cyber event, and only 30% have developed a plan to do so.

Other key findings point to a misalignment between cyber risk awareness and management approach:

• 70% of respondents named the IT department as a primary owner and decision-maker for cyber risk management, compared to 37% who cited the C-suite and 32% Risk Management.
• 75% identified business interruption as the cyber loss scenario with the greatest potential financial impact, but fewer than 50% actually estimate financial losses - and of those, only 11% measure cyber risk exposure quantitatively.
• One in five organizations does not currently have or plan to purchase cyber insurance, and 25% don't know their cyber insurance status.

Among the key takeaways for business leaders are the need for broad stakeholder engagement, including the C-suite and board; economic modeling that quantifies cyber risk; and a holistic approach that spans prevention, mitigation, transfer, and response planning.

Click here to read the survey.