Marsh’s survey found few businesses purchased cyber insurance cover despite being aware of the threat


Despite mounting concerns about the consequences of a cyber attack on their customers and reputations, many leading European organisations are still taking an immature approach to cyber risk, Marsh has stated, following a survey conducted at its annual digital threats conference.

Announcing the findings at the Airmic conference today, the firm said European organisations were yet to fully embed cyber threats into their risk management strategies.

Of the 85 risk managers surveyed, 71% said their cyber risk concerns had increased over the previous 12 months and 54% stated that their organisation had recently been subjected to a cyber attack.

However, only 23% believed that management of cyber risk was fully embedded and optimised within their firms.

In addition, 17% of respondents believed that the financial impact of a cyber attack could cost their organisation more than $5m, and 22% admitted that their organisation had not conducted a dedicated cyber risk financial impact assessment.

Only 12% said that their organisation currently purchased cyber insurance cover, despite 76% stating that they were familiar with the products available.

EMEA cyber risk leader at Marsh Stephen Wares said: “The spectre of a cyber attack evidently looms large among the risks that risk managers believe could threaten the continued success of their organisations. Despite this, it would seem that, in the majority of firms, cyber risk is still largely misunderstood and many struggle to implement a clear strategy to tackle it effectively.”

He added: “The fact that so few respondents buy cyber insurance, despite high product awareness, is a clear indication that the insurance industry has more work to do in educating clients and developing cover that will adequately respond to their needs.”