Examining Risk in the Corporate Environment

Reading time: 5 min
Share this Share on email Share on twitter Share on linkedin Share on facebook

Of all the possible concerns global businesses can have, cyber security threats are at the top of the list, according to recent research by insurance firm The Travelers Companies.

The company’s 2019 Travelers Risk Index found that cyber risks are the biggest worry among businesses of all sizes for the first time since the firm began conducting the research in 2014.

Travelers commissioned Hart Research to conduct an online survey of 1,200 business decision makers in the U.S. in July 2019, and more than half (55%) said they worry some or a great deal about cyber risks. That came in ahead of concerns such as medical cost inflation (54%), employee benefit costs (53%), the ability to attract and retain talent (46%), and legal liability (44%).

As issues related to cyber security threats have increased, a higher percentage of organizations across nearly every industry reported that they are taking proactive measures to safeguard against cyber risks.

The steps taken by the organizations surveyed include purchasing a cyber insurance policy (51% of survey participants, up from 39% the previous year); creating a business continuity plan in the event of a cyber attack (47%, up from 38%); taking a cyber risk assessment for themselves (49%, up from 45%); taking a cyber risk assessment for their vendors (41%, up from 37%); and updating computer passwords (74%, up from 71%).

The risk index shows that more businesses are taking steps to prevent a cyber event. However, it’s still alarming that nearly half of the organizations do not have the proper insurance coverage, the report said. One cyber attack can put a company out of business, it noted, and taking the threat seriously and implementing a risk management program that addresses possible exposures can help a company avoid attacks and recover from them as quickly as possible.

Since 2015, the percentage of small business respondents who have reported that their organization suffered a cyber attack has tripled. Increases are also being reported among medium-sized companies (10% in 2015 to 20% in 2019) and large businesses (from 19% to 33%).

Among other key findings from the 2019 risk report are that suffering a security breach and a third party gaining unauthorized access to bank accounts were tied as the biggest cyber-specific worry among businesses.

The third-highest cyber-specific concern was an extortion or ransomware attack, which increased to 52% from 44% in 2018. Fewer companies (43%) said social engineering scams were a concern, up from 36% last year.

While there is a greater awareness of cyber security risks in general, the report said, one in four survey participants did not think their business would suffer a cyber attack. These companies opted not to purchase a cyber insurance policy, with the top reason being the expanse.

Three quarters of the survey respondents agreed that having the proper cyber security prevention tools in place is critical to the well-being of the business, an increase from 69% in 2018.

Nearly 80% of the respondents conceded that it is difficult to keep up with the ever-changing cyber security landscape. More than one third (36%) said today’s business environment is more risky.

Another recent report on business risk, released by ISACA, CMMI Institute and Infosecurity Group, showed that more than half of risk professionals worldwide say their organization’s risk levels have increased in the past 12 months.

The report, based on a survey of more than 4,500 professionals worldwide who are involved in risk decisions, showed that only 29% have a high degree of confidence that their enterprise can accurately predict the impact of threats and vulnerabilities associated with emerging technologies.

In addition, fewer than one third of the respondents (31%) said their enterprises can respond quickly when new security threats are identified, a problematic dynamic given today’s fast pace of business and technology-driven change.

The report found that the most critical categories of risk facing enterprises today are cyber security (cited by 29%), reputation (15%), and financial (13%). The top five cyber security risk management challenges are changes/advances in technology, changes in types of threats, too few security personnel, missing skills in existing cyber security personnel, and increased number and frequency of threats.

The study also found that nearly two thirds of the survey respondents have defined processes for risk identification, but only 38% think those processes are at either the managed or optimized level of the maturity spectrum.

This high adoption/low optimization trend shows that there is significant need for action and improvement, the report said.