U.S. companies believe that more high profile cyber-breaches could significantly harm business conditions, yet admit they are woefully unprepared for cyber-risks and their potential widespread impact, according to a survey released by the Association for Financial Professionals (AFP).
The survey revealed that 62 percent of companies have experienced an actual or attempted cyber-attack in the last 12 months, and 62 percent also knew of cyber-attacks at their major counterparties. The survey generated 970 responses from executives in corporate treasury, finance and banking.
As a result of recent-attacks, cyber-risk ranks high among business concerns, with 32 percent of respondents rating cyber-risks “highest” on a five-point scale and another 28 percent rating these risks “very high.”
Companies appear to be throwing money at the problem, with 71 percent increasing spending to mitigate possible attacks, including a quarter that increased their spend by at least 50 percent, according to the survey.
But they aren’t necessarily spending on insurance. Only six percent of companies that were uninsured against cyber risk began carrying cyber insurance in the last year, and only 15 percent increased their coverage during the period.
A full 31 percent of responding organizations do not carry any cyber insurance to date.
“Cyber risk is arguably one of the biggest risks that businesses face,” said Jim Kaitz, AFP’s president and CEO. “Companies fear direct risks from breaches of their corporate technology, and they fear fallout from the economic impact of high profile breaches within our financial system.”
Despite grave concerns and a fear of economic impact, 21 percent of organizations hadn’t updated their crisis response/business continuity plans in the last year and another 12 percent revealed that they had no such plans at all.