Just 27% of global business leaders cite cybercrime risk as their top area of concern (down from 34% in 2021)
Despite the perception of cyber risk reducing, perceived resilience has not strengthened – but has fallen to 74% from 80% last year.
The threat posed by new technologies, such as AI, which had consistently reduced since 2021, is now predicted to be a growing threat in the 12 months ahead.
Beazley has published its latest Risk & Resilience report: Spotlight on: Cyber & Technology Risks 2023. The data shows how perceptions around cyber and technology risks, from ransomware and other cyber-attacks to the threats posed by AI, are changing the global business risk landscape.
The economic impact of cybercrime on business across the globe continues to reach new levels, with the cost predicted to reach US$10.5 trillion by 2025, a 300% increase since 2015. Yet, boardroom focus on cyber risk appears to be diminishing. The perceived threat of cyber risk to global business leaders peaked in 2021 (34%) and over the past two years, the risk perception has dropped (27%). In 2024, it is predicted to remain at 27% whilst business preparedness for this risk continues to decline.
As cyber fears decrease, the technological risk landscape has fragmented, with executives nearly as concerned about the perceived threat posed by disruptive new technologies, such as AI, as the risk of cybercrime. Failing to keep pace with technology and adapting to new innovations is an issue that 26% of global business leaders identified as their key technological concern, yet resilience to this threat is on the decline and more than a fifth (21%) of all businesses feel they cannot maintain the pace of change.
Leaders are also turning their attention to other concerns such as the risk of theft of their intellectual property (IP) with 24% of business leaders ranking it as their top risk in 2023, more than double what it was in 2021 (11%). IP theft has also become the cyber and technology risk for which businesses across the world feel least prepared, with more than one in four businesses (26%) reporting they feel ill-equipped to mitigate this risk.
Small business is highly exposed to cyber risk
Despite overall concern around cybercrime tracking downwards, small and medium sized businesses (SMEs) are increasingly aware of their limited ability to mitigate cybercrime threats and Beazley’s data suggests they feel more exposed than ever. Companies with an annual revenue of US$250,000 to US$999,999 report feeling less prepared to deal with cyber risks in 2023 (76%) than they did in 2022 (70%). The report outlines how cyber hacking groups are becoming more specialised and diversified, with some groups now using SME’s security systems as a training ground for new hackers to learn their trade.
Paul Bantick, Group Head of Cyber Risks, Beazley said: “Business leaders are finding it a struggle to keep up with the constantly evolving cyber threat. But worryingly they appear less concerned by cyber risk than a couple of years ago. This could be because they have been lulled into a false sense of security as the war in Ukraine led to a temporary reduction in the ransomware threat level when a number of cyber gangs splintered, but this situation is only temporary and should not be viewed as the new normal.
“As the MOVEit hack has proved, the bad actors are always looking for new ways to attack with tactics ranging from third party supplier attacks to more sophisticated social engineering and phishing attack techniques. Businesses of all sizes and across all industries cannot afford to take their eye off the ball, just at a moment when cyber criminals are starting to look to make up for profits lost over the past 18 months.
“The emergence of AI and other tech innovations as well as the increase in concerns over IP theft are now front of mind for many business leaders globally. These threats are fast evolving and unfamiliar, with many companies being caught on the back-foot when dealing with the risk. For the insurance industry, working with clients to help them tackle these challenges is vital to ensuring businesses operate in as safe an environment as possible. We need to continue to work with our clients to explain how they can improve their resilience to cyber and technology risks, and encourage them to adopt a defence in depth risk mitigation strategy.”