An uncertain geopolitical risk landscape could be one source of distraction as cyber resilience deteriorates
The latest edition of the market leading Risk & Resilience research from Beazley, Spotlight on: Cyber and Technology risk, indicates that cyber remains the leading concern in the technology risk category, with 28% of UK and US respondents listing it as their number one risk in 2022.
This, however, represents an 18% real terms decrease, down from 34% in 2021.
There is also a worrying degree of complacency around active cyber risk management and maintaining resilience to cyber threats, with over 41% of UK and US business leaders feeling ‘very prepared’ to meet the cyber threat, which although down marginally (5%) on 2021, may yet demonstrate over confidence.
“We are detecting signs that business leaders may have become a little complacent – even over-confident – about the cyber and technology risks faced by their businesses,” said Patricia Kocsondy, Head of US cyber and technology, Beazley.
“Perhaps because of the overwhelming challenge that the current geopolitical environment poses today they may be being blinded to the threat that cyber and technology risk may deliver tomorrow.”
Wider technology risks are also starting to worry executives
As the new report shows year-on-year, the proportion of business leaders putting intellectual property (IP) risk first has risen dramatically, up 107% in real terms since 2021.
Meanwhile, the proportion of businesses putting technology obsolescence top of their list has also risen, with concern increasing more in the US than the UK.
While perceived resilience to cyber and technology risks generally remains relatively high, with 31% of UK firms and 43% of US firms feeling ‘very prepared’ across all four risks within this risk category, resilience perception has dropped across the board, down 9% on average – with IP risk resilience down 12%, and disruption risk down 10%, compared with 2021.
“Mid-market clients, in particular, are struggling with what is being asked of them in terms of funding, budgeting for and repairing technology to keep pace with a range of cyber and technology risks.” Commented Bala Larson, head of Cyber Client Experience, Beazley.
“We are placing a lot more emphasis on questions around how to handle end-of-life software and hardware issues, with many industries now in catch-up mode to budget for what their insurers require.”
Cyber hygiene is key to insurability
With pricing for cyber insurance rising, insurers are becoming more selective about which cyber risks they write.
Cyber insureds therefore need to regard cyber resilience and risk management as much more than a tick-box exercise, as they seek to protect intangible assets and ensure business continuity.
“More companies in the UK have cyber insurance cover since 2021, and perhaps feel more protected, but there is a sense that many view this purchase as a box-ticking exercise, while too many companies still lack basic protections against cyber-attacks,” commented Aidan Flynn, head of London and International Underwriting Management, Cyber, Beazley.
Summary of the key findings
The report’s findings raise a number of concerns:
- Few of the risks outlined above feature in the high risk/low resilience quadrant of Beazley’s Risk & Resilience matrix suggesting business leaders are becoming complacent about resilience to cyber and technology risks.
- Cyber risk still dominates risk radars, but concern has lessened since last year while perceived resilience has dropped to 41%, with many companies distracted by geopolitical turbulence either unwilling or unable to upgrade cyber protections.
- Intellectual property is still lowest on the list of concerns, but risk perception has dramatically increased, up 107% on last year, suggesting this is a potential area where greater risk management and mitigation is needed.
- Technology obsolescence is the number one risk for 27% of UK and US business leaders, displacing disruption in the ranking, at the same time, perceived resilience has also dropped, possibly as companies struggle with the cost and effort of updating or replacing legacy systems.