A new survey finds that a large number of European companies haven’t planned for cyberattacks, which may shed some light on why so many are getting hacked.
Just one-quarter of companies surveyed said they have a “clear understanding” of their “exposure to cyberrisk,” according to the European Cyber Risk Survey released this month by insurance company Marsh, which collected the data “from risk professionals from large and medium-size corporations from across the continent.”
“Organizations across Europe are growing increasingly concerned about the likelihood and impact of cyberattacks,” the report states, but they aren’t sure what to do about it. Just 36 percent of respondents said they have a response planned for the event of an attack, while 22 percent said they had no plan and 17 percent had no idea. The remainder reported having “partial” plans.
Sally Roberts, director of media relations for Marsh in the U.S., said the survey included 706 participants, mainly risk managers, across Europe.
The figures could explain why companies suffer from so many high-profile breaches, one of which was referenced by the report. The U.S.-based Target, the report notes, had its systems penetrated in 2013 when hackers managed to obtain credentials from a third-party HVAC contractor that had an IT link with the company.
European companies could learn from that story, the report authors suggested, and go to greater lengths to ensure that those they work with have appropriate cybersecurity measures in place. The survey found that 77 percent of respondents still did not assess the cybersecurity practices of their suppliers or customers, and 67 percent were not asked to demonstrate their own practices by anyone else, including their banks.
Consequently, the authors predicted, third-party-enabled breaches “will only rise in frequency until organizations place greater focus on setting out the basic technical controls that all suppliers/contractors should have in place.”
The companies that are unable to articulate their security situation, Marsh noted, are “in a poor position to approach the insurance market.” As a result, only 12 percent of companies reported having cyberattack coverage, and only 33 percent have alternative funding in place in the event their financials are compromised by hackers.
A separate study published by the Ponemon Institute and Hewlett-Packard suggests that the cost of cybercrime, at least for U.S. companies, has risen by 82 percent since 2009, reaching an average cost of $15.4 million per incident for large companies in 2015.