Cyber tops executive concerns, survey shows
Companies rate cyber and IT as their greatest areas of risk, according to a Marsh Risk Consulting global survey.
However, most businesses feel better positioned to deal with traditional risks.
The International Business Resilience Survey – conducted with the Disaster Recovery Institute International – interviewed 200 C-suite executives, risk professionals and business managers about their attitudes to business risk.
About 77% agree strong resilience of IT systems is crucial to meeting business goals, while 69% say failing to manage IT would have a significant impact on their reputations.
Some 79% of respondents believe reputational damage from a sensitive data breach is the most probable risk and would have a high impact.
Despite this, CEOs place less importance on the resilience of their IT systems than they do on reputational management, while giving greater attention to crisis management planning.
The survey also reveals a “disconnect” between CEOs’ and risk managers’ perceptions.
CEOs are more worried than risk managers about cyber attacks, with 28% saying they have dedicated insurance against breaches, while only 6% of risk managers say the same.
About 29% of respondents say if they could invest in one area only, it would be IT system failure prevention.
Some senior executives “take it for granted” their organisations have specific insurance for cyber and IT-related risks, when they may not.
For cyber risks in particular, the level of insurance take-up appears low compared with how high the risk is perceived to be.
Marsh suggests companies design enterprise-wide cyber-risk control strategies, headed by cross-functional cyber-risk committees.
It recommends including a comprehensive review of critical IT services and processes in crisis management plans, and communicating the results to senior management.