Board members fail to grasp realities of cyber risk

Board members do not fully understand the realities of cyber risk, despite the fact that more than 80% of risk management professionals view this as the biggest problem facing their business.

A survey conducted at StrategicRISK’s European risk management conference yesterday highlighted a worrying disconnect in attitudes towards cyber risks between risk professionals and board members.

While 42% of respondents believe there has been an increase of cyber attacks on their business in the last year, 81% said their board members were not clued up on the severity and prevalence of the problem.

In addition, the majority of delegates felt that their computer network was moderately susceptible to an attack (74%) compared to only 12% who were confident that their network is fully secure.

Overall, reputational loss was cited as the most damaging consequence of an attack (59%), followed by financial impact (41%).

StrategicRISK editor Mike Jones said: “Risk managers are generally well informed about both the danger and also the opportunities which cyber in general presents. However, addressing these concerns is a problem as many find it difficult to get boards to understand fully the implications of the key risks.

“Equally, there is a sense of complacency which clearly continues to persist in a number of businesses, hence the rather worrying statistic which came out of our snap poll that just over one-in-ten of our delegates considered their network to be fully secure. I suspect that number comprised not of risk managers but were the views of some technology officers in our audience but irrespective, nobody should believe that such security exists. No network can ever be fully secure, no firewall impossible to breach.

“One of the main problems facing businesses in terms of cyber is that those intent on attacking networks will always be one step ahead and companies should make sure they are fully aware of this.”