Most execs spent less than a day on cyber risk last year – Marsh study
Most board members and senior executives responsible for their organizations’ cyber risk management had less than a day last year to spend focused on cyber risk issues, according to a new report from Marsh and Microsoft.
This lack of time to focus on cyber risk comes as a concern as cyber threats hit an all-time high – and as confidence in organizations’ ability to manage cyber threats declines, according to the 2019 Marsh Microsoft Global Cyber Risk Perception survey. The survey scrutinized 1,500 organizations to determine the current state of cyber risk perceptions and risk management.
Nearly 80% of organizations now rank cyber risk as a top-five concern, up from 62% in 2017, when the study was last conducted. However, only 11% expressed a high degree of confidence in their ability to assess, prevent and respond effectively to cyber threats. That’s down from 19% in 2017. Cyber risk management remains a challenge for many organizations, the survey found.
“For example, while nearly two-thirds (65%) of organizations surveyed identified a senior executive or board member as the main owner of cyber risk management, only 17% of c-suite executives and board members said they spent more than a few days in the past year focusing on the issue,” Marsh said. “More than half, 51%, spent several hours or less.”
While 88% of survey respondents identified their information technology and information security functions as the primary owners of cyber risk management, 30% of IT respondents said they spent only a few days or less over the past year focusing on cyber risk.
“We are well into the age of cyber risk awareness, yet too many organizations still struggle with creating a strong cybersecurity culture with appropriate levels for governance, prioritization, management focus, and ownership,” said Kevin Richards, head of cyber risk consulting at Marsh. “This places them at a disadvantage both in building cyber resilience and in confronting the increasingly complex cyber landscape.”
“In an era of transformational technology and more interconnected supply chains, the cyber risk management practices and mindsets of yesterday no longer suffice and may actually inhibit innovation,” said Joram Borenstein, general manager of Microsoft’s Cyber Security Solutions Group. “It is incumbent upon senior leaders to focus on these issues for the welfare of their organizations, their customers, their employees, and beyond.”
source insurancebusinessmag
Industry: Cyber Security
Latest Jobs
-
- Penetration Tester, UK based. Ability to achieve SC clearance
- United Kingdom
- 55000
-
Experienced Penetration tester- UK based with the ability to achieve SC clearance. On-going training and development and paid certifications / renewals. Interested to hear from all areas of penetration testing, web app, infrastructure, mobile, etc. MUST have current hands on experience delivering penetration testing. Ideally from a consultancy background with experience working with multiple clients. OSCP / CREST / CHECK / Tigerscheme penetration testing experience / certifications desirable. Apply today for more details. All information kept in the strictest of confidence.
-
- Senior Data Privacy Specialist, London. CIPT
- London
- 60000
-
REF CH7875 £60,000 Senior Data Privacy Specialist, London. CIPT Senior Data Privacy Specialist needed to help advise client on project and programmes relating to Data Privacy and compliance. UK based role. Ideally looking for someone that has a strong appreciation of technology and Data Privacy that can work with clients to develop or enhance their strategies, policies, processes and techniques to manage cybersecurity risks while enabling business driven data. Certified Information Privacy Technologists (CIPT), Certified Information Privacy Professional/Europe CIPP/E experience and or certification highly desirable. Specific experience within the healthcare industry is of particular interest. All details kept in confidence Apply today for more information
-
- Cyber Security lead Managing Consultant, Healthcare
- London
- 120000
-
REF CH7874 £120,000 Cyber Security lead Managing Consultant, Healthcare, Public Sector. UK Cyber Security lead Managing Consultant with a specialisation in healthcare needed. The Cyber Security lead Managing Consultant will identify, engage with, consult and deliver key and critical cyber focused programmes and projects into healthcare clients. To be a success in the role you will be able to identify and engage with clients building pipelines of new business opportunities. A key part of your role will be to engage with new and existing clients to win new business opportunities- this role is revenue generating. Consulting experience around digital cyber transformations, Governance, Risk & Compliance, Critical National Infrastructure programmes, Managed Detection and Response etc are key. NIST, ISO27001, etc Team management, , identifying Cyber Risk, UK based, Permanent position. The ability to achieve UK security clearance is a perquisite. All details held in confidence. Apply today for more information.
-
- CONTRACT outside IR35 - SENIOR Security Analyst level 3.
- United Kingdom
- competitive day rates
-
REF CH7873 CONTRACT 3 month rolling outside ir35 SENIOR Security Analyst level 3. London ideally- but flexible SOC SIEM experience essential. Broad cyber hands on experience should include Threat hunting, Detection, Phishing, Malware etc Scope of engagement · Managing / running BAU tasks (Organising and assigning workloads to the Tier 2 analysts) · Working with the various security tools (Creating documentation to support the use of these tools) · Support Incident Management activities (Work with the incident managers when an incident is identified) · Support Incident Response activities (Recommendations and support remediation activities without completing these activities) · Be technical point of contact to the wider business on security related issues (SME within the team on security related issues) · Train the SOC Analysts (Continuity of service - knowledge transfer to the T2 analysts ) · Working with the Security Engineers on: (Use Case Development Identifying scenarios and developing the use case for the engineering team to deploy Identifying rules and alerts triggered to be fine-tuned by the engineering team) · Recommendations for dashboard creation (Working with the engineering team to identify potential dashboards to create) · Creating, maintaining and uplifting documentation (Playbooks, Process Documentation) · Drive improvement across the estate (Support Vulnerability Management activities and provide enrichment where possible) Any of the following certifications are desirable Splunk Phantom certified admin, Splunk Core Certified Power User / Advanced, Splunk Certified Enterprise Security Admin, etc The individual MUST currently be living in the UK and be able to achieve UK security clearance. (SC) Looking to interview immediately. Arrange a call https://calendly.com/chris-holt/arranged-call-with-chris-holt-soc-role- Chris.Holt@dclsearch.com