Executive Indecision

Zurich Insurance has recently released the results of its seventh annual Advisen cyber survey, offering some insights into the thoughts of those responsible for the company's cyber security policies and funding. Among the findings of the survey, one of the most interesting was the appearance of a sharp drop in the number of risk professionals who said executive management in their organizations viewed cyber risk as a significant threat -- with the percentage who agreed with the statement dropping from 85 per cent in 2016 to 60 per cent in 2017. This finding was also paired with the observation that only 53 per cent of respondents were aware of changes in their company's cyber security systems in response to high profile attacks -- such as WannaCry, Petya, or the Equifax hack.

Observes Erica Davis, head of Specialty E&O for Zurich North America, of the findings, "It could mean that organizations are feeling more confident in their cyber security control. It's great if these businesses believe they've made a good investment and improved their cyber resilience, but I would caution that today's control may not be adequate for tomorrow's threats."

Davis did observe, however, that not all the survey news is concerning. "A positive development that came out of this year's survey is that organizations are starting to engage in comprehensive reviews of business partner relationships, including how vendors and business partners approach their own exposures and controls and how the vendors' supplier approach fits into their overall resilience plan," she says.