A majority of risk professionals report believing cyber security threats are a major risk to their business, and the burden to mitigate those risks is shifting across departments, suggests a recent study sponsored by Zurich.
Nearly 87% of the 511 respondents to the survey, which spanned various industries in North America, said they believe cyber and information security risks present at least a moderate threat to their organization. That’s consistent with the 2011 response, although more board members and C-level executives now share the perception of cyber risk, the study results suggest.
While primary responsibility for information security risk management still lies largely with the IT department, about 15% of respondents did suggest that the risk management or insurance departments are responsible for the efforts. That’s up from about 13% last year.
More than 61% of respondents also said their organization takes a multi-departmental approach to information security risk management, compared with 57% in 2011.
Privacy violations and/or data breaches of customer records were viewed as the primary concern for respondents. Reputational damage resulting from a data breach and reputational damage through social media were the next biggest concerns.
Business interruption from supplier or customer cyber disruptions was on the lower end of concerns.
Information security risks were a specific risk management focus for about 73% of respondents. About 80% of those surveyed also said they have a disaster plan in place, a 12.4-point increase over last year, the survey report noted.
While only 44% of respondents said their organization has purchased cyber liability insurance, that percentage has increased from 35% last year. Brand restoration coverage is also being purchased by about 18% of those surveyed.