A greater awareness of IT and cyber risk is needed in European companies, particularly those on the continent
Multinationals and other large businesses are waking up to the threat posed by cyber risks although mid-size companies may not yet be as risk aware as they should, according to the ACE European Risk Briefing 2012.
Nearly one-third (29%) of respondents from larger companies ranked IT and cyber risk as the second most important emerging risk after terrorism and political violence, suggesting high profile instances of cyber crime in 2012 had increased awareness in boardrooms.
One explanation for cyber and IT risk not appearing higher up the list of emerging risks for both large and mid-size European companies might be that it remains relatively understood. While 42% of companies said they believed the level of IT and cyber risk will increase over the next five years, just 48% said they are either completely or somewhat prepared to manage it now.
“Only 10% of European companies say they feel fully prepared for IT and cyber risk,” said Iain Ainslie, technology and cyber underwriter for ACE in London, adding that one reason for this might be down to a lack of preparedness. He said that some “49% of companies currently have no plans in place to manage a cyber crisis”.
Just 1% of companies said that they had not experienced a loss as a result of an IT or cyber-related issues in the past 12 months. The most common type of loss was caused by the unauthorised use of computer systems, suggesting that many companies still fail to have the necessary in-house controls and procedures in place with regards to access to and control of company data.
Losses associated with general systems failure came in a close second place, with incidents involving hacking in third.
UK-based companies outperformed those on the continent in their preparedness to protect against IT and cyber risk. Some 52% of companies said they felt somewhat or completely unprepared to deal with cyber risk, compared to 61% in Germany, 63% in Benelux, 64% in France, and even higher percentages in other continental markets.
Companies in France and Germany were found to be least likely to have crisis management procedures in place to deal with an IT or cyber incident. About 60% in both markets currently have no procedures in place, a figure that is significantly higher than the regional average of 49%.