The recent wave of sophisticated and targeted data breaches has led global business leaders to recognize cyber risk as one of the most significant threats faced by corporations today. According to the Lloyds 2013 Risk Index released this week, “Cyber security now sits squarely towards the top of the agenda for boards around the world”.
The Index is based on a global survey of almost 600 C-suite and board level executives performed by Ipsos MORI, a leading market research company. Respondents represented both small companies with revenues below $499M and larger organizations with revenues above $500M. They were drawn from a variety of geographic zones including Asia-Pacific, Europe and North America.
Respondents were asked to rate risk categories and specific risks within each category according to corporate risk priorities and degree of business preparedness to manage risks. Cyber risk is rated higher by respondents than the risks of inflation, legislative and regulatory changes, changes to the cost and availability of credit, climate change and failed investments. The only two risks rated higher on the index than cyber security are taxation and the loss of customers.
As expected, smaller companies reveal a low level of risk preparedness. However, large organizations appear to over-estimate their ability to deal with cyber risks that include code injection, denial of service and Web-based attacks. Although insurers offer a suite of products to deal with the costs related to data breaches including forensic analysis and public relations services, the report concludes that preventative measures provide the greatest degree of protection against cyber risks. It references the 2012 study by the Ponemon Institute that places the average cost of a data breach at US$ 8.9M based on an analysis of 56 reported breaches. According to the study, data breach costs range between US$1.4M and $US 46M.