That is the shocking conclusion from the panel session held at the recent CBI Cyber Security Conference.

The panel session was chaired by Matthew Fell, Policy Director, CBI and included Giles Smith, Deputy Director Cyber Security and Resilence from DCMS and Steven Wares, Head of Cyber Practice, EMEA, Marsh. London, June 2015.

Listen to ‘Cyber insurance: What do you need to consider when assuring your assets?’

Commentary

Despite the attention on Cyber Risk over the past few years it is clear there is much more that needs done if business is to start balancing the risk faced. While progress is being made, it still seems as though there is still reluctance by many to see cyber as a real risk to the business.  

Risk managers often find it difficult to connect or understand the subject and many IT professionals continue to see the issues raised as principally an IT issue with few are actively engaging with their risk teams to build a balanced approach.  With most organizations now dependent on technology a cyber issue can cripple operations or expose the organization  to liabilities from regulators and other stake holders.

Even by applying good basic measures, such as the governments Cyber Essentials Scheme, firms may find they lack the resources to respond and cope with an incident when the expertise and time needed comes with quite a price!   

A well structured approach  to prevent and mitigate the threat from Cyber, combined with a well thought through Insurance policy, can dramatically change outcomes and help deliver not only an enhanced capability, but also help build competitive advantage. If you'd like to know more about how you can build an effective approach to Cyber Risk Management check out the CRIF Framework on our resources pages.