At the launch of TheCityUK’s ‘Governing Cyber Risk’ report, Marsh’s Mark Weil urged for co-operation to build cyber resilience

At the launch of a TheCityUK cyber report, Marsh UK & Ireland chief executive Mark Weil has urged firms to work collectively if they are going to keep on top of cyber risk and act in the public interest. 

The report findings show that boards have made great improvements in how they deal with cyber risk over the previous three years, though some are outperforming others.

However, while there are differences in how boards are dealing with the growing threat of cyber risk, these are more down to attitude rather than expenditure.

This means that gaps should be relatively easy to fill, but boards need to act now.

The report, entitled ‘Governing Cyber Risk’, benchmarked 30 companies from the financial and professional services industry.

It found that while a majority of boards were dealing with cyber risk to a minimum expected standard, there were six outliers and room for improvement.

Cybercrime is “the black market on steroids”

Speaking at the launch of the report, TheCityUK chairman John McFarlane likened cyber crime to “the black market on steroids.”

He continued: “This is war, and needs wartime, not peacetime, urgency and defences.”

McFarlane and Marsh UK & Ireland chief executive Mark Weil, who is soon stepping down from Marsh, urged companies to collaborate in their efforts to build cyber defences.

In some areas, there has been a “lack of dialogue” between companies, according to Weil.

However, he said that Marsh had seen a marked improvement.

“When we first started benchmarking 3 years ago, we found a lot of inertia and lack of awareness. That is gone,” he said.

Nearly seven in 10 businesses have been affected

Keynote speaker Vicky Ford MP, chair of the All-Parliamentary Group on Cyber Security, highlighted the sobering difficulties faced by the government and business as emerging technology and methods of criminality grow.

“The sad fact is one in 10 people in this country have been a victim of cybercrime,” Ford told attendees.

“You are 20 times more likely to be a victim of crime online than offline,” she continued, adding that nearly seven out of 10 businesses have been affected.

“I can’t tell you how terrible it is to have a constituent come into a constituent surgery saying they hit the button and now all their money is gone,” Ford lamented.

The government has recently pledged £9m to tackle the dark web, Ford added, the anonymity of which she thinks “emboldens people”.

In addition, Ford pointed to IMF’s global campaign against dirty money, which is launching next week, as part of the collaborative solution.

FCA acknowledges the challenges faced by firms

Robin Jones, head of technology, resilience and cyber at the FCA, acknowledged the difficulties that businesses face in addressing cyber risk.

“Cyber-attacks are harder to spot, harder to stop and harder to recover from than ever before,” he said.

While technologies such as machine learning are supplementing attempts to fight cyber-attacks, the methods criminals are using continue to evolve.

“It [cyber risk] moves with unpredictability and volatility,” Jones acknowledged, “meaning that a business strategy spanning a few years is difficult to marry with a risk environment that can only be measured in days or weeks”

For example, while ransomware attacks declined 93% last year, crypto mining rose 250%.

Firms must be proactive rather than reactive if they are going to minimise the risk of cyber-attacks, Jones said.

He cautioned: “We still see some firms approaching this risk in ways that are less effective. They don’t realise in doing so they are effectively employing good luck.”

More to do to keep up with a growing risk

The message of the launch and report was clear: boards are doing far more to mitigate cyber risk than they were three years ago, but more collaboration and a defined cyber strategy is key to winning the war against cyber criminals.