Despite an increased concern about the serious impact of cybersecurity-related incidents, European organizations “have under-investigated cyber risks and need to do more to assess their exposures,” according to a recent report.

The European 2015 Cyber Risk Survey Report from Marsh notes that an “overwhelming majority” (79 percent) of organizations have, at best, “a basic understanding of their cyber risk profiles, putting them in a relatively poor position to prioritize their risk mitigation efforts and risk transfer strategies.”

Meanwhile, one in four organizations surveyed don’t even consider the threat of cyber risk to be of sufficient concern to get on the risk register and 30 percent place the risk outside their top 10 risks.

A main reason that cyber risk appears to be such a low priority is that IT departments carry the primary responsibility for mitigating the threat, the report said, noting “the oversight of cyber is located in a part of the business that doesn’t have the capability and/or authority to carry out the financial evaluations and more detailed scenario analysis required to adequately assess the risk posed to the organization.”