Here’s How Companies Can Set a Cyberrisk Management Strategy
Open Data and Consistent Metrics May Lay Foundation for Cyber Risk Success
Nine out of 10 U.S. businesses were victims of at least one hacking incident in the past year, according to a recent survey.
The cyber poll, conducted by Munich Re, noted that 64 percent of risk managers said they have experienced more than six hacking incidents in the last year, an increase of 32 percent.
“Hackers are even more relentless,” said Eric Cernak, Cyber Practice Leader for Munich Re. “Businesses are under constant assault.”
The survey polled 102 risk managers from a wide variety of industries during last month’s Risk and Insurance Management Society Conference.
Although 28 percent of those surveyed said they were concerned about the safety and security of Internet of Things (IoT) devices, more than half of the businesses (56 percent) represented had implemented or plan to implement such devices, the survey indicated.
As IoT devices begin to proliferate, companies should be thinking about security costs, Cernak said in a statement. “Hackers are always looking for ways to access company business systems and connected devices provide additional infiltration points,” he said. “It’s important to control security features on these devices and monitor employee use.”
The loss of confidential information topped survey responses as the primary threat owing to a hacking incident, followed by government intrusion and service/business interruption.
Encryption was the No. 1 risk management tool (44 percent), up 25 percent percent from 2015, the survey said. Intrusion detection/penetration testing (28 percent, down 32 percent from 2015) came in second, followed by employee education programs at 12 percent, down 25 percent from 2015.
Half of the respondents said their businesses had either secured cyber insurance for the first time or increased their level of coverage in the last year. Among those who have yet to purchase cyber insurance, 44 percent said the coverage was too complex. Lack of a sufficient threat was cited as a reason for no coverage by 34 percent of respondents, followed by cost at 22 percent.