Only 19 per cent of companies have purchased insurance specifically designed to cover information security and privacy.
Only 16 per cent of companies have designated a chief information security officer to oversee cyber risk and fewer than half (44 per cent) have increased their budget to tackle the problem.
Corporate insurer Zurich says there are several ways in which data can be lost, stolen, or misappropriated, illustrating the prevalence of the cyber threat.
Respondents rated each of the following in order of frequency as being among the most serious information security concerns for their organisations:
1. malware and other viruses
2. administrative errors
3. incidents caused by data providers
4. malicious employee activity
5. attacks on Web applications
6. theft or loss of mobile devices
7. internal hackers.
Despite malicious employee activity being one of the most serious concerns, only just over a third (36 per cent) of survey respondents said their organisation conducts information security and risk training at enterprise level for all employees, and fewer than half (46 per cent) said the training occurs either annually or biannually.
Regulation and compliance concerns appear to be driving much of organisations’ planning around cyber risk.
While survey respondents most frequently placed business income loss and the cost to restore crucial proprietary electronic information among their top five concerns, the next three concerns were all related to legal liability:
- legal defence and settlement costs from third party claims,
- costs to comply with regulatory settlements,
- and costs to defend against regulatory investigations.
Steve Wilson, chief risk officer for General Insurance, Zurich Insurance Group, said: "The enormous expansion in the availability of information presents unprecedented opportunities and challenges for business and government.
"As well as regulatory responsibilities to protect proprietary information, organisations have a duty of care to ensure their measures are robust.
"Furthermore, companies are exposed to the risk of a significant decline in stock price compared with industry peers following a cyber security breach as a result of the negative reputation impact.
"Cyber risk comes in a bewildering variety of forms for organisations and we hope this research will provide risk managers with important insights into this critical issue.
"As the survey shows, it is essential that organisations do not fall into the trap of a top-down approach, taking a holistic approach which engages all employees in meeting this challenge."