Cyber risk has shot up in importance for company CEOs and senior executives, according to an Ipsos survey for Lloyds Risk Index 2013. Cyber risk is now the third biggest concern overall for company chiefs - ranking only after high taxation and loss of customers.
In 2012, cyber risk was ranked as 12th, Lloyds says in its report. The information comes from a poll of 580 senior executives and CEOs at companies around the world. The executives were asked to rank 50 risks in terms of their importance to their business, and in terms of their business’s preparedness for that risk.
“Cyber security now sits squarely towards the top of the agenda for boards around the world with cyber risk moving from 12th to 3rd place in the index. Business leaders have woken up to the importance of cyber security following a series of high profile incidents since 2011,” the company said in an official release.
Lloyds says that the relatively low placing in previous years may have been due to companies underestimating the threat they faced.
“Given the well-documented frequency of cyber breaches, the relatively low weighting given to cyber risk in both the 2009 and the 2011 Risk Indices suggested too many businesses were underestimating its impact. Not any more,” the company says in its report. “One development may be that the perception of what motivates cyber attacks is evolving: from financial crime to political and ideological attacks. 2012 saw the takedown of the Interpol, CIA and Boeing websites, the suspension of alternative currency Bitcoin’strading floor, the mass theft of passwords from professional networking site LinkedIn, theoutage of the websites of six major US banks and many more.”
The report points to Ponemon Institute statistics about the rising costs of cybercrime, with an average annualised cost of $8.9 million a year.
“It appears that businesses across the world have encountered a partial reality check about the degree of cyber risk,” the report says.
The report questions whether businesses are spending money wisely, saying that a large percentage of data breaches are caused by employee negligence, an area that should in theory be within the control of that organisation.
“Spending money upfront on risk management – and ensuring recommendations are implemented throughout a company – might go a long way to preventing a cyber disaster before it starts,” the report concludes.