Marsh and Microsoft launch the 2022 Cyber Risk Survey, the third study dedicated to the evolution of cyber risks across the global economy

2 June 2022 — Daniela GHETU
With almost 75% of organizations experiencing at least one cyberattack, cyber resilience is now more important than ever, reads the latest report issued by Marsh and Microsoft on "The State of Cyber Resilience".

Cyber risk is pervasive at most organizations, the report's authors emphasize, explaining that any employee or vendor firing up their laptop from home brings risk, as does a user connecting a new product to the Internet of Things. Yet deciding not to launch a new product for fear of cyber threats is also a risk. Countering such risks requires enterprise-wide alignment.

Interviews conducted by the report's authors with hundreds of CEOs, risk, finance, IT, and cybersecurity leaders from across the globe enabled them to discern 8 key cyber risk trends, as listed in the paper's executive summary:

  1. Cyber-specific enterprise-wide goals - including cybersecurity measures, insurance, data and analytics, and incident response plans - should be aligned to building cyber resilience versus simply preventing incidents, as every organization can expect a cyberattack. 73% of companies said they had experienced a cyberattack.
  2. Ransomware is considered the top cyber threat faced by companies, but not the only one. Other prevalent threats include phishing/social engineering, privacy breaches, and business interruption due to an external supplier being attacked.
  3. Insurance is an important part of cyber risk management strategy, and influences the adoption of best practices and controls. 61% said their company buys some type of cyber insurance coverage.
  4. Adoption of more cybersecurity controls leads to higher cyber hygiene ratings. Just 3% of respondents rated their company's cyber hygiene as excellent.
  5. Organizations lag in measuring cyber risk in financial terms, which hurts their ability to effectively communicate cyber threats across the enterprise. Just 26% of respondents said their organization uses financial measures for cyber risk.
  6. Increased investment in cyber risk mitigation continues, though spending priorities vary across the enterprise. 64% said the spur to increasing cyber risk investments was having experienced an attack.
  7. New technologies need to be assessed and monitored on a continuous basis, not just during exploration and testing prior to adoption. 54% of companies said they do not extend risk assessments of new technologies beyond implementation.
  8. Firms take many cybersecurity actions, but widely overlook their vendors/digital supply chains. Only 43% have conducted a risk assessment of their vendor/supply chain.

"It's important that leaders across an organization have a common understanding of overall cyber risk trends and how these affect their business. Having a common understanding of the risk issues facing the company helps align decision makers and drive strategy, while also presenting a united message to other internal and external stakeholders," the report says, concluding that "there's no one-size-fits-all solution to the cyber risks facing organizations today. Cybersecurity measures, insurance, data and analytics, and incident response plans all play a role. However, a critical element to making these and other pieces work together is to develop an enterprise-wide alignment around cyber risk management, fostering a shared responsibility. All stakeholders - including risk managers, finance, cybersecurity/IT, executive leaders - will likely gain confidence in the organization's cybersecurity posture by being better connected to the broader enterprise."
