Breaking down “silos” of related information in a company is key to promoting cyber security: Zurich

The reluctance of business executives to ‘de-silo’ related company information is one of a number of stumbling blocks to mitigating cyber-risk, according to Zurich.

The company presented a number of its recent findings about cyber security at the 2012 Risk and Insurance Management Society (RIMS) Annual Conference & Exhibition in Philadelphia on Apr. 16. Among them, cyber security has made a significant jump on Zurich’s list of global risks, moving from a ranking of 25 out of 38 risks in 2011 to fourth on the list in 2012.

In a study of 1,419 business executives conducted by Zurich, more than 66% said the cyber security had increased in importance as a risk management issue in recent years. But only one-third of companies buy insurance available for the risk. In addition, only 10% said they felt their executive management was highly effective in creating a strong risk management culture.

Zurich’s survey results indicate at least three strong barriers to preventing a strong risk management culture in a company, a key defence against cyber attacks. One is the need to break down silos of information within a company.

“I think that’s particularly relevant when we think about cyber risk,” said Mike Kerner, CEO for Zurich Global Corporate in North America. “This is a complicated risk. It involves a number of different functions within an organization. It’s relatively technical in nature and we expect more risk managers to be experts in the security and privacy issues around cyber risk. And so clearly silos in an organization [must be able to] talk to each other for us to see this risk-managed in an appropriate fashion.”

Two other barriers in the way of creating top risk management included focusing too heavily on compliance rather than on observing underlying processes. Also, a lack of strong management support suggested a potential resource issue.