Published in: 2018 Cyber Risk Perception Survey Report, by the Marsh & McLennan Agency
3 Key Cyber Risk Takeaways from 2018
With the explosion in digital technology and big data, managing their exposure to cyber-security threats has become imperative for firms in a world where users are beginning to get weary of the amount of data firms have on them. In October 2018, the Marsh & McLennan Agency surveyed 1,141 executives from small to middle-market organizations across North America, with questions ranging from how confident they were that their organization would be able to understand and assess a cyber-attack, to if they had implemented a plan to train employees to recognize phishing emails. Here are three takeaways from the report:
- Small and Middle-Market Employers Are At Risk
- Business Owners are Unsure of How to Mitigate Cyber-Security Risks
- Having a Clear Cyber-Risk Strategy Allows Businesses to Focus on Growth and Other Priorities
Employers at Risk
Small and Middle-Market Employers are at Risk. The reality is that regardless of size, large organizations and small ones are exposed substantially to the same cyber risks. If anything, small and middle-market organizations are more vulnerable because they have fewer resources to devote to cybersecurity, and cyber-attackers know that.
Of the 28 million small businesses in the United States, 50% suffered security breaches in 2016, according to one survey. Many more were probably victims of successful attacks, but never knew that unseen parties were mining their data. Large organizations are more visible when they suffer a data breach, but smaller organizations, also suffer breaches as frequently, if not more. Business Owners are Unsure of How to Mitigate Cyber Security Risks.
Cyber Risk Strategy
Executives are clearly worried about cyber-risk but admit they do not understand the range of protective steps available to them. While there are many excellent products and processes for protecting against cyber-attack, the threat landscape is rapidly and continuously evolving, and even the best defenses can never be perfect. Cyber is a business risk to be managed, not just a technological threat that can necessarily be stopped. Having a clear data management strategy allows businesses to focus on growth and not IT.
Once organizations have taken steps to mitigate cyber risk, they are clearly more confident of their ability to understand, respond to, and recover from all-but-inevitable cyber-attacks. That helps them move on comfortably to business growth, execution of their organizational mission and other top priorities. It is therefore important for organizations to understand cyber risk and what they can do about it.
Understanding leads to action, which leads to greater security, reduced risk of attack, and reduced fear of the effects. For most business leaders, the discussion of cybersecurity does not begin until after a successful attack, which is too late. The time to start a conversation is now. To read the full report, visit: www.mma-fl.com