It’s no secret that cyber security is a major business concern. After all, every few weeks another massive breach makes front page news. While awareness is high, the real impact to middle market firms gets lost in the big name headlines. In order to identify business practices and trends among emerging and private organizations, Marsh & McLennan Agency LLC recently surveyed its nationwide client base on this crucial topic.
Here are some of the key takeaways from the nearly 600 responses:
- 80% of respondents said their business activities include at least five of the following key cyber risk factors:
- Processing credit card transactions
- Holding past or present employee records
- Processing/accessing banking information
- Using computers connected to the Internet
- Hosting websites that collect personal or confidential information
- Holding client, customer or supplier information
- Using the Cloud
- Holding information subject to HIPAA
- Linking employee laptops/PDAs to the employer's network
- Most respondents indicated that they outsource many of these business activities that expose them to cyber risk. Nearly 40% of the respondents have no process to ensure their protection in the event the vendor’s data is breached. Among those companies that have a procedure, most have processes that are inadequate.
- Nearly 61% of respondents had little understanding of how their insurance policies would respond to a cyber loss. Of that group, 83% had little to no understanding of cyber insurance policies.
- 60% of respondents do not have a corporate disaster recovery plan in place.
Although the results were not completely unexpected, the survey uncovered a serious gap between the likelihood and potential damage of a cyber breach and the current level of protection companies have in place. Over the next few weeks our blog will highlight need-to-know information about cyber risk and cyber liability, both for your company and for your vendors, the ins and outs of cyber insurance, and best practices for managing your risk and protecting your critical data.