Cyber security among top risks ranked by global execs: Lloyd’s

Cyber risk is a much greater concern this year than in 2011 for corporate leaders surveyed, though many organizations remain complacent about the threat of malicious computer software and Internet-based attacks, suggests a report from Lloyd’s of London. 

On Wedensday, the group released its 2013 Lloyd’s Risk Index, a report first published in 2009. This year’s highest ranked risks included cyber risk and high taxation, while earthquake, volcanic eruptions and climate change ranked relatively low.

“Cyber risk has moved from position 12 (malicious) and 19 (non-malicious) in 2011 to the world’s number three risk overall,” Lloyd’s stated in the 2013 index, which is based on a recent survey of 588 C-suite and board level executives.

In the survey, conducted by Ipsos MORI in April and May, respondents were asked about their attitudes about 50 risks. They were asked to rate both the overall risk category and number of specific risks within each of five broad categories and for their degree of preparedness to manage those risks. From those responses, Lloyd’s calculated risk and preparedness scores for each individual risk.

The five broad categories were business and strategic; economic, regulatory and market; political, crime and security; environmental and health; and natural hazard.

The individual risk identified as the largest was high taxation, while loss of customers and cancelled orders placed second.

Lloyd’s gave some reasons why cyber may have placed third. “The number of incidents attributed to state-sponsored hacking and revenge attacks by ‘hacktivist’ networks is growing,” according to the report. “So, too, are the costs of cyber breaches.”

Quoting from a Ponemon Institute study last year, Lloyd’s noted the most costly cybercrimes involved malicious code, denial of service and web-based attacks.

“It appears that businesses across the world have encountered a partial reality check about the degree of cyber risk,” Lloyd’s says. “Their sense of preparedness to deal with the level of risk, however, still appears remarkably complacent.”

With regard to the second-largest risk — of lost customers and cancelled orders — Lloyd’s noted that in “virtually every region of the world, business leaders feel they are underprepared to deal with the fundamental risk that too few consumers are willing or able to buy their products.”

The fourth-largest risk was price of material inputs while the fifth was excessively strict regulation.

Of the other individual risks, volcanic eruption was the lowest of 50, earthquake ranked No. 48 and climate change ranked No. 32.

“With the sole exception of Latin America, business leaders from all other three major regions of the world continue to score their ability to deal with the risk of climate change more highly than the score they give the risk itself,” Lloyd’s stated. “This difference is most striking for North America, where businesses scored themselves at 5.2 for preparedness, against 3.0 for priority.”

Of the 588 people surveyed, 26% were personally based in North America. When asked what described their job title, 55% were CEOs, presidents or managing directors, 7% were chief information officers or technology directors while 1% of respondents were chief risk officers.