Managing cyber risk has become a point of emphasis in the insurance and asset management sector, with companies boosting annual expenditures and increasing oversight at the board level, according to a report released Wednesday by Moody’s.
Almost seven of every 10 companies have a chief information security officer overseeing corporate cyber risk, while another 10% of companies have a chief information officer overseeing cybersecurity.
More than 95% of organizations have their CISOs provide briefings directly to the chief executive officer at least on a semiannual basis. This compares with 88% using that practice in 2023.
In addition, seven of 10 companies have their CISO brief the corporate board of directors, at least on a semiannual basis. This compares with 54% in 2023. Four of every 10 companies link CEO compensation to the company’s cybersecurity performance, a sharp increase from just 24% in 2023.
A larger number of companies are increasing their spending on defense, as nearly half of companies surveyed spend about 8% or more of their total IT budgets on cybersecurity. This compares with 42% in 2023.
About 98% of respondents test their incident response plans at least once a year. Eight of every 10 companies do daily data backups to make sure they have a copy of critical data in case of a ransomware attack or another disruptive security event.
About 97% of respondents operate patch management and vulnerability management programs.
The Moody’s report shows 84% of respondents have a formal policy to regulate the use of AI-based tools.
The research is based on a survey of 1,952 respondents globally, including 102 insurers, insurance brokers and asset managers.