For the second consecutive year, large-scale cyberattacks have emerged as the top risk for corporations across India, according to a joint study conducted by Marsh and the Risk and Insurance Management Society (RIMS).
The report, titled ‘Excellence in Risk Management – State of Risk Management in India 2019’, found that around 62% of respondents identified cyberattacks as the top risk facing their organisations. Extreme weather events (17%), data fraud or theft (10%), and fiscal crises (9%) were also highlighted among the other top risks for Indian businesses.
A total of 179 respondents, including c-suite executives and senior risk professionals across 23 industries, were interviewed for the study.
The report also examined the maturity of the risk management function across India’s leading organisations. It showed that while firms have been slow to change their cybersecurity strategies and make further investments, an increasing number recognise the importance of implementing a comprehensive risk management framework, as well as the potential for good risk management to be a competitive advantage.
Read more: What is silent cyber risk?
More than 68% of the respondents listed integrating risk management into strategic planning as the top investment priority when it comes to strengthening their risk management function in 2020. Another 15% ranked upgrading risk management technology as a key investment goal. However, approximately 11% of respondents indicated that building risk management capabilities was not a significant investment focus for their organisation.
“India, like other countries, has been susceptible to malicious cyberattacks and there is growing awareness among corporates of the need to ensure they have appropriate cybersecurity controls,” said Sanjay Kedia, country head and CEO, Marsh India. “Firms need to keep up with the evolution of cyber threats if they are to capitalise on technology-based opportunities. This will require organisations to make additional investment to ensure they have adequate protection.
“Quantifying cyber risk can help organisations make better informed capital allocation decisions, enable better performance measurement, and put cyber risk in the same economic terms as other enterprise risks.”