Dive Brief:
- Two-thirds of organizations across the globe are planning to increase their investment in cyber risk prevention over the next 12 months, according to a report released Tuesday by Marsh. More than a quarter of organizations plan to boost their spending by more than 25%.
- The top spending priorities include security technology and mitigation, incident response and preparation, and hiring.
- Seven of every 10 organizations have experienced at least one material third-party incident over the past 12 months, according to the report.
Dive Insight:
The report highlights how organizations worldwide plan to address the growing challenges of maintaining the security of their customer data and boosting operational resilience.
Marsh’s conclusions are drawn from a survey of more than 2,200 cybersecurity leaders in 20 countries across eight regions.
Organizations in the U.K. were the most likely to increase investments, with three-quarters of respondents saying they planned to do so.
A Marsh cyber leader cautioned it is tough to fully protect against cyber risk, but added that cyber hygiene and governance changes can help.
“Organizations need to create a framework to vet vendor security and audit their vendors frequently,” said Payal Patel, a managing director in Marsh’s Cyber Practice. “Other measures organizations can take include adhering to a robust governance framework, negotiating strong contractual protections, reviewing access control rights, and off-boarding vendors when they are no longer utilized.”
The U.K. went through a historically difficult period of cyber risk this year, with a wave of social engineering attacks targeting the retail sector, followed by an attack against automaker Jaguar Land Rover, which crippled production for more than a month. U.K. authorities challenged corporate leaders to make cyber resilience a board-level concern and focus on maintaining business continuity.
Respondents expressed various degrees of confidence in their own cybersecurity capabilities, with the Middle East and Africa region showing the most confidence, at 83%, and security professionals in Asia-Pacific locations showing the least confidence, at 50%