Article img

New research reveals businesses may be overconfident about resilience to cyber threats

Risk & Resilience research finds fewer US and UK business leaders rank cyber as their leading risk in 2022 - as geopolitical turmoil pushes business and environmental concerns higher...


  • Confidence in resilience to the cyber threat remains high - but may be over optimistic
  • ‘End of life’ software grows as an area of risk for businesses with ageing legacy IT systems
  • Concern about intellectual property risk has increased 107% since 2021

The latest edition of the market leading Risk & Resilience research from Beazley, Spotlight on: Cyber and Technology risk, published today, indicates that cyber remains the leading concern in the technology risk category, with 28% of UK and US respondents listing it as their number one risk in 2022. This, however, represents an 18% real terms decrease, down from 34% in 2021.

There is also a worrying degree of complacency around active cyber risk management and maintaining resilience to cyber threats, with over 41% of UK and US business leaders feeling ‘very prepared’ to meet the cyber threat, which although down marginally (5%) on 2021, may yet demonstrate over confidence.

“We are detecting signs that business leaders may have become a little complacent – even over-confident – about the cyber and technology risks faced by their businesses. Perhaps because of the overwhelming challenge that the current geopolitical environment poses today they may be being blinded to the threat that cyber and technology risk may deliver tomorrow,” said Patricia Kocsondy, Head of US cyber and technology, Beazley.

Wider technology risks are also starting to worry executives

As the new report shows year-on-year, the proportion of business leaders putting intellectual property (IP) risk first has risen dramatically, up 107% in real terms since 2021. Meanwhile, the proportion of businesses putting technology obsolescence top of their list has also risen, with concern increasing more in the US than the UK.

While perceived resilience to cyber and technology risks generally remains relatively high, with 31% of UK firms and 43% of US firms feeling ‘very prepared’ across all four risks within this risk category, resilience perception has dropped across the board, down 9% on average – with IP risk resilience down 12%, and disruption risk down 10%, compared with 2021. 

“Mid-market clients, in particular, are struggling with what is being asked of them in terms of funding, budgeting for and repairing technology to keep pace with a range of cyber and technology risks. At Beazley, we are placing a lot more emphasis on questions around how to handle end-of-life software and hardware issues, with many industries now in catch-up mode to budget for what their insurers require.” Commented Bala Larson, Head of Cyber Client Experience, Beazley.

Cyber hygiene is key to insurability

With pricing for cyber insurance rising, insurers are becoming more selective about which cyber risks they write. Cyber insureds therefore need to regard cyber resilience and risk management as much more than a tick-box exercise, as they seek to protect intangible assets and ensure business continuity.

“More companies in the UK have cyber insurance cover since 2021, and perhaps feel more protected, but there is a sense that many view this purchase as a box-ticking exercise, while too many companies still lack basic protections against cyber-attacks.” Commented Aidan Flynn, Head of London and International Underwriting Management, Cyber, Beazley.

Summary of the key findings

The report’s findings raise a number of concerns:


  • Few of the risks outlined above feature in the high risk/low resilience quadrant of Beazley’s Risk & Resilience matrix suggesting business leaders are becoming complacent about resilience to cyber and technology risks.
  • Cyber risk still dominates risk radars, but concern has lessened since last year while perceived resilience has dropped to 41%, with many companies distracted by geopolitical turbulence either unwilling or unable to upgrade cyber protections.
  • Intellectual property is still lowest on the list of concerns, but risk perception has dramatically increased, up 107% on last year, suggesting this is a potential area where greater risk management and mitigation is needed.
  • Technology obsolescence is the number one risk for 27% of UK and US business leaders, displacing disruption in the ranking, at the same time, perceived resilience has also dropped, possibly as companies struggle with the cost and effort of updating or replacing legacy systems.

% of business leaders in the UK and US listing these risks as their primary concern

Change in cyber and technology risk perceptions 2021-2022

Combined % of all UK and US respondents listing these risks as their primary concern.

Change in cyber and technology resilience perceptions 2021-2022 (US and UK)

 Combined % of all UK and US respondents who feel ‘very prepared’ for these risks.


See more
See less
Share fluctuations
Swiss Re
Argo Group
Tokio Marine
Munich Re
Hannover Re
See more
See less
Upcoming events