Businesses must redefine the way cyber risk is viewed or they will waste their efforts to protect against the danger, according to JLT.

A JLT-sponsored survey by Harvard Business Review Analytic Services confirms the broker’s observation that current cyber-security plans take the wrong approach.

More than half of the 278 survey respondents say their companies have a chief information security officer, and cyber-defence budgets have increased in the past three years.

But only 23% have a formal strategic plan to address business risks from cyber attacks.

“Despite greater awareness, support and resources devoted to cyber security, organisations continue to be exposed to cyber events,” JLT Specialty USA CEO Michael Rice said.

“The research offers a telling reason for this. Few organisations are treating cyber as a strategic business risk. A critical element in mitigating the business impact of cyber risk is to approach it strategically.”

Survey respondents view cyber threats seriously and expect the risk to intensify.

Board-level attention is critical to securing the resources required to manage the threat, the survey report says.

“Leadership must centre on the C-suite and engage the board, as well as the heads of all functions with responsibility for cyber security, from data security to finance.

“Moreover, the cyber-security committee mustn’t be isolated from other parts of the organisation’s risk management effort.”