Subscribe To Our E-Newsletter
Follow Us On Twitter
Privacy And Cookies
Established 1996
Tuesday 17 July 2018


Risk and IT professionals continue to disagree on cyber priorities

Written by Deborah Ritchie

Risk and IT professionals may agree on one thing: cyber risk is problem that needs addressing; but when it comes to how organisations should assess, manage and mitigate the threat, views are not quite so well aligned. Of course, this is not a new problem, but it is a worryingly persistent one.

The findings of a new research project serve both to underline the issue and examine ways of dealing with it. The report, carried out by Chubb and launched today at the FERMA European Risk Management Forum in Monte Carlo, sought the views of more than 250 senior managers in both IT and risk each from major businesses across Europe with annual revenues exceeding US$500m, and identifies some major fundamental differences of opinion when it comes to addressing cyber risks.

IT professionals are more likely than their counterparts in the risk function to expect the impact of a cyber event to be severe, it says -- evidence that not all organisations have reached a single view of the scope of the threat or how to tackle it, which can leave them vulnerable. However, for almost all areas of cyber risk, IT respondents think more highly of their capabilities than their peers in the risk function.

What was once an issue managed by an organisation’s IT function is increasingly viewed as a crucial C-suite priority, and functions as diverse as risk, legal and HR are all expected to play a part in responding. Despite this broad response, many organisations are struggling to build governance models that allow for a consistent approach.

Six in ten respondents to the survey say senior leaders expect their business to be invulnerable to cyber attack. As the cyber threat is constantly evolving, this places intense pressure on risk and IT teams to mitigate these with a 100% success rate.

Cyber risk manager for Europe at Chubb, Kyle Bryant, says the results of this piece of work show that a clear and worrying disparity continues to exist between risk and IT managers. He believes insurers may hold the key to bringing functions together to assess, quantify and prioritise different cyber risks, and build stronger defences and protections.

“Nothing will provide you with total assurance that an incident won’t happen,” he added. “But insurance now provides a practical solution to help you identify, mitigate and protect your organisation’s vulnerabilities.”

Related Articles

Power transmission and distribution risk
Mark Evans talks to Barry Menzies, head of MIDEL ester-based dielectric fluids, at specialist manufacturer M&I Materials, to discover how ester fluids can help reduce the risks associated with transformer applications.
Most read stories...
World Markets (15 minute+ time delay)

Download the latest
digital edition of
CIR Magazine