Work together against rising cyber risks, Marsh UK CEO warns

Companies must work together to combat cyber threats, Marsh’s UK and Ireland chief executive has urged, speaking at the launch of TheCityUK’s cyber report.

More cooperation is needed to act in the public interest against cyber risk, Mark Weil told assembled press at the event in London.

The report’s findings showed boards have made strides in managing cyber risk in the past three years, but some firms are outperforming others.

Attitude and culture are more important than expenditure, the study stressed, as factors for success in the differing approaches taken by boards against cyber threats.

Gaps in defences are often easy to fill, but boards need to act sooner rather than later, the study urged.

The report, entitled ‘Governing Cyber Risk’, benchmarked 30 companies from the financial and professional services industry.

A majority of boards were dealing with cyber risk to a minimum expected standard, the research found, but there were six outliers, and room for improvement.

Cybercrime is “the black market on steroids”

TheCityUK chairman John McFarlane likened cyber-crime to “the black market on steroids”, speaking at the launch of the report.

“This is war, and needs wartime, not peacetime, urgency and defences,” McFarlane continued.

McFarlane and Weil, who is soon stepping down from Marsh, urged companies to collaborate in their efforts to build cyber defences.

In some areas, there has been a “lack of dialogue” between companies, according to Marsh’s Weil.

He also noted that insurance broking firm had seen a marked improvement in recent years.

“When we first started benchmarking 3 years ago, we found a lot of inertia and lack of awareness. That is gone,” said Weil.

Seven in 10 businesses hit

Sobering difficulties faced by government and business were highlighted by keynote speaker Vicky Ford, a UK member of parliament and chair of a parliamentary cyber-security group, as emerging technologies and methods of cyber-criminality continue to grow.

“The sad fact is one in 10 people in this country have been a victim of cybercrime,” Ford told attendees.

“You are 20 times more likely to be a victim of crime online than offline,” she continued, adding that nearly seven out of 10 businesses have been affected.

“I can’t tell you how terrible it is to have a constituent come into a constituent surgery saying they hit the button and now all their money is gone,” she said.

The UK government has recently pledged £9m to tackle the dark web, Ford added, the anonymity of which she thinks “emboldens people”.

Ford pointed to International Monetary Fund (IMF) global campaign against dirty money as part of the collaborative solution.

The IMF initiative kicks off next week.

FCA acknowledges challenges

Robin Jones, head of technology, resilience and cyber at the UK’s Financial Conduct Authority (FCA), acknowledged the difficulties that businesses face in addressing cyber risk.

“Cyber-attacks are harder to spot, harder to stop and harder to recover from than ever before,” he said.

Technologies such as artificial intelligence and machine learning are supplementing attempts to fight cyber-attacks, but criminals’ methods also continue to evolve.

“[Cyber risk] moves with unpredictability and volatility,” the FCA’s Jones acknowledged, “meaning that a business strategy spanning a few years is difficult to marry with a risk environment that can only be measured in days or weeks”

For example, while ransomware attacks declined 93% last year, crypto mining rose by 250%, he pointed out.

Firms should be proactive rather than just reactive against cyber-attack, Jones said.

“We still see some firms approaching this risk in ways that are less effective,” he warned.

“They don’t realise in doing so they are effectively employing good luck.”

Keep up

The message of the launch and report was clear: boards are doing more to mitigate cyber risk than three years ago, but more collaboration, keeping up with evolving threats, and a defined strategy against cyber threats are going to be important to defeating online threats and building greater resilience against attack.