Marsh & McLennan Agency surveyed 1,141 executives from small to middle-market organizations across North America. While almost 60% of these executives consider cyber security to be one of the top five risks facing their business, only 18% noted that their organizations have developed a cyber incident response plan. A common theme in the results is that there seems to be a gap between understanding the risk of a cyber breach and actually having a plan in place for when an incident occurs.
We’ve compiled a few of the key findings from the report. To download the full cyber risk report, click here.
- Sixty-eight percent of respondents were concerned about business interruption posing a threat to their organization. For small to mid-size businesses, even a couple days offline could lead to significant financial damage. Cyber business interruption insurance can help minimize losses by providing funding during the network interruption.
- Less than 40% of participants have performed gap assessments, phishing training, or penetration testing. These security practices are becoming more common and affordable, and some vendors and insurance policies even include these services.
- Seventeen percent of those surveyed are not confident in their organization’s ability to manage, respond, and recover from a cyber incident. When asked about their confidence level, 6% indicated that they were unsure about their own company’s abilities. However, organizations that took preventative measures were more confident in their ability to handle an attack.
- Thirty-six percent of executives don’t know what their organization is doing about cyber insurance. Of the 36% of respondents that have cyber insurance, none planned to discontinue their coverage.