A new poll indicates that the “vast majority of risk professionals say information security and other cyber risks are at least a moderate threat to their organizations.

The survey by Zurich Insurance found that most of the risk managers said that “cyber exposures are the focus of specific risk management activities within their organizations. The level of sophistication in addressing these risks varies widely, though a growing number of organizations are adopting an enterprise-wide – or at least a multi-departmental – approach to information security and cyber risk management.

The 10 page paper – “A New Era In Information Security and Cyber Liability Risk Management: A Survey on Enterprise-wide Cyber Risk Management Practices” is available for download.

In addition Zurich pointed out that “many organizations now recognize that cyber security extends well beyond the IT department. A wide range of issues such as lost or stolen data, violation of privacy laws, intellectual property infringement and social media-related risks such as cyber-bullying and textual harassment constitute a much broader scope of cyber exposures.”

To gain insight into the current state of enterprise-wide information security and cyber liability risk management, Zurich sponsored a survey of 511 risk managers. It said the resulting report “not only offers insights into best practices in information security and cyber risk management, it also provides a useful framework for risk managers and other to benchmark their own programs.”

Zurich also participated in a “cyber liability insights” conference in New York in October, which highlighted the “risk managers’ perspective on cyber risk management and insurance,” as companies “increasingly recognize that data security and reputation risk management are enterprise-wide activities.”

As a result Zurich said: “Many have formed interdepartmental teams in which risk managers often play a key role.”