Enterprises across Europe need to work harder to better understand and respond to cybersecurity risks, according to a new study from Marsh.

The European 2015 Cyber Risk Survey reported that 79 percent of businesses have “a basic understanding of their cyber risk profiles”, leaving them extremely vulnerable to cybercriminals.

Moreover, the fact that 25 percent of respondents believe cybercrime is not “material enough” to be considered as part of a risk strategy is a significant concern, the authors of the paper commented.

Marsh, an insurance broker and risk adviser, said that in light of its findings, it is keen to persuade such organizations that it is a priority for them to reevaluate their understanding and approach to cybersecurity.

"70% of European businesses have a basic understanding of their cyber risk profiles."

“These high figures are also a concern since it is reasonable to assume that, because cyber risk is low down on – or completely absent from – these companies’ risk registers, it is not going to receive the level of investigation required to sufficiently map and quantify the risk to the business,” It stated.

“Not only will this restrict efforts to mitigate the threat posed by cyber risk; it will make ascertaining the value, and therefore suitability, of available risk transfer options all the more problematic.”

The study also found that 43 percent of enterprises have yet to identify one or more cyberattack scenarios that could severely impact their business, while 68 percent had not even calculated the potential financial fallout of a data breach or exposure to a virus.

These figures are all the more startling as Europol, the European Union’s law enforcement agency, recently said that cybercrime is more threatening than ever.

In its latest Internet Organised Crime Threat Assessment, released to coincide with European Cyber Security Month, it noted that cybercriminals are demonstrating more aggressive and confrontational characteristics.

Marsh suggests that a solution to all of this is to make cybersecurity a boardroom responsibility.

It explained: “Only with board-level buy-in can companies identify business-critical areas and undertake scenario testing and financial impact analysis to build up their cyber risk profile, enabling them to mitigate and/or transfer the risk accordingly.”