Cyber Risk Strategy Shifts as Directors Face Increasing Cyber Threats: Willis Survey 2025


Directors and officers today navigate a relentless storm of cyber threats. Phishing attacks, ransomware demands, and weak cybersecurity controls amplify the cybercrime pressure leaders face daily. The weight of leadership grows heavier as cyber incidents demand constant vigilance. The latest survey by Willis underscores this reality, highlighting evolving global attitudes toward cyber risk strategy.

Cyber-attack and data loss continue to be ranked as two of the top three risks facing directors and officers, with health and safety ranked as the top risk.

Cyber Directors’ and Officers’ Report

This ongoing threat demands an unwavering, proactive response from organizational leadership.

Cyber Threats Among Top Concerns

Data loss and cyberattacks rank as two of the top three concerns for global directors. Phishing, ransomware, and inadequate cybersecurity systems are consistently identified as serious threats.

In Britain, cyber-attacks are the number one risk, ahead of health and safety. North American and Middle Eastern directors prioritize data loss above other concerns. Despite this awareness, the global importance ranking for cyberattacks slightly declined by 2% from 2024 to 2025.

Increasing Cybersecurity Updates

Directors are more frequently updated on cybersecurity issues in 2025. Monthly board briefings rose from 18% in 2024 to 28%. Updates only after incidents dropped significantly from 20% to just 12%.

Regular updates suggest boards now proactively track evolving threats. Directors remain vigilant to ensure they’re not blindsided by cybersecurity gaps.

Cyber Incident Response Strengthens

An overwhelming 80% of companies have established a cyber incident response plan. More than two-thirds conducted a response test within the past year.

Confidence in incident response has grown substantially. Approximately 65% of companies now feel effectively prepared, compared to 56% in 2024.

These exercises contribute significantly to directors feeling equipped to handle cyber crises.

Shifts in Cyber Risk Sponsorship

Cybersecurity management sponsorship is shifting beyond top-level leadership. Senior executives and boards still lead oversight, but more companies now involve dedicated cybersecurity officers.

This shift underscores the need for both strategic vision and technical expertise. Companies increasingly recognize the importance of collaborative cybersecurity management.

Latin America and the Middle East particularly report high involvement from IT departments, suggesting regional differences in strategy approaches.

Cybersecurity Budgets Rise, but Growth Slows

Cybersecurity budgets continue increasing, but growth has slowed compared to last year. About 56% of respondents expect budget increases, down from 63% in 2024.

This slower growth rate highlights that boards now expect strategic, efficient use of resources. Directors emphasize targeted investments rather than simply increasing spending.

Cyber Insurance Gains Prominence

Cyber risk is now central to directors’ and officers’ liability insurance coverage. More than half of surveyed companies (53%) currently hold cyber insurance. An additional 38% plan purchases within two years.

Standalone cyber policies are popular due to specific coverage needs. Importantly, insurance premiums are increasingly integrated into broader cybersecurity budgets.

This integration demonstrates cyber insurance’s growing importance as part of overall cyber strategy.

Key Recommendations from Willis

Willis outlines critical recommendations to strengthen cyber resilience:

  1. Develop a Cybersecurity Culture: Engage employees across all organizational levels with continuous training.
  2. Budget Wisely: Balance spending between technology, training, and insurance.
  3. Incident Response Planning: Clearly define roles, responsibilities, and protocols.
  4. Regular Testing: Conduct annual exercises to identify and address gaps.
  5. Effective Cyber Insurance Management: Regularly review insurance coverage, ensuring it aligns with emerging risks.
  6. Stay Informed: Continually assess threats, especially from phishing, ransomware, and weak cybersecurity controls.

Adrian Ruiz, head of FINEX GB Cyber & TMT at Willis Towers Watson, emphasizes a proactive strategy: “Building a strong cyber security culture that engages all levels of the organisation is critical to managing today’s evolving threats.” Ruiz added, “From investing wisely in training and technology to regularly testing response plans, businesses must take a proactive, strategic approach to cyber risk.”