[Skip to content]

Sign up for our daily newsletter
The Actuary The magazine of the Institute & Faculty of Actuaries

Board level of ownership of cyber risk increased to 30%

A third (30.3%) of UK large and medium-sized businesses have board-level oversight of cyber risk, up from 19% in 2015, according to a report by Marsh.


Cyber risk © Shutterstock
A quarter of risk and finance professionals are seeking quotes for cyber insurance. © Shutterstock

Its UK Cyber Risk Survey Report 2016 found that levels of understanding of the risk have also increased in 2015, with 83% of risk and finance professionals saying they have a basic or complete understanding of their company’s cyber exposure, compared with 61% last year.

Mark Weil, CEO at Marsh UK & Ireland, welcomed the growing take-up as boards can verify in the risk market that their security measures are effective. 

He said: “This increase in board-level ownership and control suggests that the recent series of high-profile cyber incidents has resulted in UK organisations recognising that cyber threats are serious.”

IT departments remain responsible for the review and management of cyber risks in the majority (55%) of companies.

However, the insurance broker and risk adviser said only 26% of respondents believe their organisation’s supply chains are assessed for cyber risks, up slightly from 22% in 2015. 

In addition, just 35% say their firms have been asked to demonstrate a competent standard of IT security practices by their bank and/or customers in order to do business with them. 

“The gaps in assessing supplier risk and quantifying the scale of cyber threat suggest that there is still plenty to do,” Weil said.

Nearly a third (29%) have bought, or are in the process of buying, protection to cover cyber risk, while an additional 26% are currently engaging with insurers and seeking quotes for cyber insurance.