More than half of US Fortune 500 firms would face “serious harm” from a cyber attack

But only 6% purchase cyber insurance: Willis report

More than half of US listed Fortune 500 firms report they would face “serious harm” or be “adversely impacted” due to a cyber attack, according to a recent report by Willis North America.

The Willis Fortune 500 Cyber Disclosure Report 2013 was launched last year to track organizations’ response to the US Securities and Exchange Commission Guidance issued in October 2011, asking US listed companies to provide extensive disclosure on their cyber exposures.

The top three cyber risks identified by the Fortune 500 include:

  • Loss or theft of confidential information (65%)
  • Loss of reputation (50%)
  • Direct loss from malicious acts (hackers, virus) (48%)

“Many of the results are not surprising as we know firms are actively taking steps to assess and mitigate their cyber risk, even if they have not been able to quantify a dollar amount associated with the risk,” said Chris Keegan, senior vice-president, National Resource E&O and e-risk, Willis North America and co-author of the report, in a press release.

“However, we also see some surprising results which suggest some firms may be overlooking critical exposures,” Keegan said. “For example, only one out of five firms mention cyber-terror (20%) as a factor, despite the heightened emphasis on cyber-terror by the US government. In addition, only one out of ten firms detailed cyber threats caused by the acts of outsourced vendors. This runs contrary to what we see in our day-to-day practice given the high frequency of cyber events stemming from outsourced vendors,” he said.

When it comes to protection against cyber risk, only 6% of companies mentioned that they purchased insurance to cover cyber risks “even though recent market surveys are showing significantly higher take up rates for cyber insurance among public companies,” Keegan said. Meanwhile, 52% of firms referred to technical solutions they have in place, but a significant number (15%) also indicated they do not have the resources to protect themselves against critical attacks, the report said.

Ann Longmore, executive vice-president, FINEX, Willis North America and co-author of the report, cautions about the other potential impacts of cyber risk, particularly on directors and officers liability. “D&O liability risk may be heightened for companies that experience cyber breaches if cyber risk disclosures are deemed not to meet SEC standards and a significant loss were to occur. This may be especially true if peers have provided more detailed disclosure,” she said.
