Cyber Risk Remains a Top Concern for Organizations While Lacking Confidence in Addressing Cyber Threats


It appears priority and ability to execute are two very different things when it comes to dealing with cyber threats, according to the latest data from Marsh and Microsoft.

Organizations today really have no choice but to be prepared for a cyber attack. Protective, detective, predictive, and reactive measures should all be in place as part of an overall strategy.

According to the Global Cyber Risk Perception Survey Report 2019 from Marsh and Microsoft, 79% of organizations put cyber risk as one of their top five concerns – that’s a material 27% increase from just two years ago.

OK, so then organizations are ready, right?


When asked about their ability to address specific aspects of cyber resilience, three key areas showed declines in their confidence:

  • Assessment – those orgs citing ‘no confidence’ in their ability to understand and assess cyber risks doubled - from 9% to 18%.
  • Prevention – those with no confidence in an ability to prevent cyber attacks rose 58% - from 12% to 19%.
  • Response – those with no confidence in their response or remediation rose 47% - from 15% to 22%.

With nearly one-fifth of organizations across the board unsure about whether they can identify, prevent, stop, and remediate cyber threats, they certainly have a funny way of demonstrating that cyber threats are one of the top five concerns.

My guess is (based on the report data) that organizations are still waiting to see if they are the victim of an attack before they act. According to the report, the number one factor (64% of respondents) that will have an impact on increasing budget allocation to cyber resilience is experiencing a cyber attack themselves!

Organizations must be proactive in their efforts to keep attacks from coming to fruition. Without an understanding of the scope and scale a given attack will have, it’s far too risky to simply wait until an attack happens. If your organization hasn’t started (say, beyond endpoint protection), we always recommend a layered security strategy that addresses all three parts of a cyber resilience strategy shown lacking above, along with continual Security Awareness Training as the last line of defense.

Did you know that when you use KnowBe4, the world's largest cyber insurers give you a better deal? Marsh awarded KnowBe4 the "Cyber Catalyst" designation.
