Screen Shot 2014-10-29 At 5.05.58 PmZurich has just released an interesting (and free too!) white paper on cyber security events. The 10-page report shows that for many companies in 2014, being involved in a cyber event went from a question of “if” to “how bad?”

2014 will be known as the year when executives and board members began to view cyber risks more seriously and it became abundantly clear that no business, government, or individual was immune to the threat of an attack. With massive data breaches affecting some of the nation’s largest retailers, nation-states being accused of stealing corporate trade secrets, and private celebrity photos being hacked, 2014 has been chockfull of cyber related headlines.

Cybercriminal tactics continued to evolve and the ability to execute attacks became easier. Small and midsize businesses increasingly realized that they are highly vulnerable. Information security risks have become a risk management focus for more organizations. Thanks largely to a number of high profile retail breaches, 2014 also has been the year that executives and board members began to view cyber risks more seriously.

But while perception of the seriousness of the risks is increasing, it is clear that businesses continue to struggle with how to address their cyber risk management needs.

The Zurich survey was completed at least in part by 507 respondents. The majority of respondents classified themselves as either Member of Risk Management Department (not head) (38 percent) or Chief Risk Manager/Head of Risk Management Department (33 percent). Respondents with more than 20 years of risk management and insurance experience represented the largest group at 39 percent of the total, followed by 25 percent with between 11 – 20 years, 18 percent with 5 years or less, and 17 percent with between 6 – 10 years.

It is an interesting read. It might also be good to pass along to your senior management, Risk, IT and Info Sec department. ;-)