Cyber-Risks Aren’t Fazing Middle-Market Firms Much

In a recent survey by insurance firm Assurex Global, 49% of  brokerage executives surveyed deemed “cyber and technology risks” one of the top three exposures facing their clients, followed by talent recruitment and retention (43%), rising employee benefit costs (41%), and natural disasters (40%).

However, when asked to narrow their choice to the single most significant risk confronting their clients, cyber risk, which was cited as the biggest exposure by just 9% of the respondents, dropped to fourth place. “It’s clear that cyber risk is universally on the minds of business executives at middle-market companies around the world,” Assurex Global CEO Jim Hackbarth told Insurance Journal. “Yet, when you drill down to what really keeps their clients awake at night, the same executives will answer differently.”

Meanwhile, only 50% of middle-market executives surveyed earlier this year by Deloitte LLP cited information security as the technology trend expected to have the greatest impact on their businesses during the coming year—despite ever-more-prolific cyber-threats. Fifty percent of executives said their companies do not have the most up-to-date, robust security measures in place, and more than half said their companies do not encrypt sensitive information.

Interestingly, the degree to which cyber-risk causes middle-market firms concern—and what they prioritize instead—varies by operating region. Among companies in the U.S. and Canada, talent recruitment and retention, rising employee benefit costs, and natural disasters trumped cybersecurity on the list of important exposures in order of priority. By contrast, among companies headquartered in Latin America, cyber-risk ranked second on the list of exposures meriting concern, superseded only by natural disasters.

Change is clearly warranted, said Adnan Amjad, a Deloitte partner, on the firm’s blog. “It’s time for (middle-market company) leaders to treat cyber-risk as a board level issue. It’s critical that there are “processes in place to identify, protect, and monitor” companies’ valuable information.