2018 Cyber Risk Survey Findings


Marsh & McLennan Agency surveyed 1,141 executives from small to middle-market organizations across North America. While almost 60% of these executives consider cyber security to be one of the top five risks facing their business, only 18% noted that their organizations have developed a cyber incident response plan. A common theme in the results is that there seems to be a gap between understanding the risk of a cyber breach and actually having a plan in place for when an incident occurs.

We’ve compiled a few of the key findings from the report. To download the full cyber risk report, click here.

Key Findings

  • Sixty-eight percent of respondents were concerned about business interruption posing a threat to their organization. For small to mid-size businesses, even a couple days offline could lead to significant financial damage. Cyber business interruption insurance can help minimize losses by providing funding during the network interruption.
  • Less than 40% of participants have performed gap assessments, phishing training, or penetration testing. These security practices are becoming more common and affordable, and some vendors and insurance policies even include these services.
  • Seventeen percent of those surveyed are not confident in their organization’s ability to manage, respond, and recover from a cyber incident. When asked about their confidence level, 6% indicated that they were unsure about their own company’s abilities. However, organizations that took preventative measures were more confident in their ability to handle an attack.
  • Thirty-six percent of executives don’t know what their organization is doing about cyber insurance. Of the 36% of respondents that have cyber insurance, none planned to discontinue their coverage.

While more companies have increased awareness of cyber risk and are purchasing cyber insurance, there continues to be a disconnect between concerns about cybersecurity and the necessary action to prevent or mitigate the impact of a cyber-attack. It’s crucial for businesses to understand their cyber risk and how they can protect themselves.

MMA is dedicated to helping protect businesses from cyber risks. To learn more, visit

Download “the Managing Cybersecurity: The Cyber Risk Protection Story” here.

Subscribe to Email Updates

Top Posts

Follow Us