Directors rethink cyber risk priorities

Data loss and cyber attacks have been identified as two of the top three risks amongst directors and officers, according to a survey conducted by risk advisory, Willis.

Its latest report canvassed the views of risk professionals across range of sectors, including the services sector (24%) and finance and insurance (19%), with more than half representing private companies. It found that, despite growing awareness of cyber attacks and recent high-profile incidents, the risk ranking for cyber attacks reduced by 2% between 2024 and 2025.

Among those surveyed, Great Britain was the only region to identify cyber attacks as the top risk. In contrast, respondents from North America and the Middle East ranked data loss as their primary concern.

Willis also found that the frequency of updates to boards on cyber security had shifted. Last year, 20% of respondents updated their board only in response to an incident, decreasing to 12% in the current report. The number of respondents who update their board on cyber security monthly meanwhile increased over this time from 18% to 28%.

Some 80% of respondents to the Willis Cyber Directors and Officers Survey Report indicated that they have put a cyber incident response in place, with more than two thirds indicating that they have completed an incident response exercise in the past 12 months. Further, some 65% of respondents said they felt well prepared to manage a cyber incident (up from 56% in 2024)

Adrian Ruiz, head of FINEX GB cyber and TMT, WTW, said the survey findings highlight the importance of staying informed and adapting in an increasingly complex digital landscape.

"Building a strong cyber security culture that engages all levels of the organisation is critical to managing today’s evolving threats," he added. "From investing wisely in training and technology to regularly testing response plans, businesses must take a proactive, strategic approach to cyber risk."

Looking ahead, respondents indicated that cyber security budgets will continue to increase in 2025 but to a lesser extent than 2024 (56% versus 63% respectively)

Cyber security was ranked as the most important aspect of directors’ and officers’ liability insurance coverage. More than half of respondents indicated that they have cyber insurance in place, with a further 18% planning to purchase it in the next two years.



Share Story:

YOU MIGHT ALSO LIKE


The Future of Risk & Resilience with AI & Data
CLDigital's Co-Founder, Tejas Katwala, joins CIR Magazine to discuss how CLDigital is transforming enterprise risk and resilience. By integrating business processes, AI and data-centric strategies, organisations can move beyond compliance to proactive risk management – simplifying operations, strengthening resilience, and driving business performance. Listen now to explore the future of intelligent risk management.

Investec is disrupting premium finance – Podcast
Investec made waves in entering the premium finance market, where listening and evolving in response to brokers made a real difference.

Advertisement