Cyber risk a growing priority among insurance and asset management firms

Core Insights - Managing cyber risk is increasingly prioritized in the insurance and asset management sectors, with companies enhancing their annual budgets and board-level oversight [1] Group 1: Cybersecurity Leadership - Nearly 70% of companies have a Chief Information Security Officer (CISO) overseeing corporate cyber risk, while an additional 10% have a Chief Information Officer (CIO) in this role [2] - Over 95% of organizations have their CISOs provide briefings to the CEO at least semiannually, an increase from 88% in 2023 [2] - 70% of companies have their CISO brief the corporate board at least semiannually, up from 54% in 2023 [3] - 40% of companies link CEO compensation to cybersecurity performance, a significant rise from 24% in 2023 [3] Group 2: Cybersecurity Spending and Practices - Nearly half of the surveyed companies allocate 8% or more of their total IT budgets to cybersecurity, compared to 42% in 2023 [3] - About 98% of respondents test their incident response plans at least annually [4] - 80% of companies perform daily data backups to safeguard critical data against ransomware and other security threats [4] - 97% of respondents have patch management and vulnerability management programs in place [4] - 84% of respondents have a formal policy regulating the use of AI-based tools [4] Group 3: Survey Demographics - The research is based on a survey of 1,952 global respondents, including 102 insurers, insurance brokers, and asset managers [5]