Tech firms point to dependence on outsourced vendors as cyber threat: Willis

Other Fortune 1000 firms may be underestimating cyber exposure: Willis

In a study of public documents, Willis Group Holdings plc has found that technology and telecommunications companies estimated their cyber exposures at higher levels than others in the Fortune 1000, an indication that those other firms may be underestimating their cyber risk exposure.

The Willis Special Report, 10K Disclosures – How Technology and Telecom Companies Describe Their Cyber Liability Exposures, examines cyber risk disclosures made by the technology and telecommunications (tech/telecom) sector of the Fortune 1000.

“We looked at how tech companies estimate their own cyber exposures, and they’re seeing higher frequency and severity of exposure than others in the Fortune 1000,” Ann Longmore, head of D&O, Fiduciary, and EPL Products for Willis FINEX in North America and co-author of the study, said in a press release.


“Significantly, they are twice as concerned about outsourced vendor risk,” Longmore added. The study found that tech/telecom companies reported concerns about the potential for outsourced vendor risk at a rate more than double that of other large corporations (25% versus 12%). An outsourced vendor is any organization providing data, IT or security services.

“We find this compelling because these companies are by and large the cyber vendors for the rest of the Fortune 1000. They’re seeing a big risk involving their own kind,” Longmore said.

“Technology and telecommunications providers that are at the heart of our cyber infrastructure – which, increasingly, is our business infrastructure – are indirectly telling us that our dependencies on vendors may make us more vulnerable than many companies realize. The awareness of that vulnerability – or lack of awareness – may have a bearing on liability in this area as well,” said Christopher Keegan, senior vice-president, National Resource E&O and e-risk, Willis FINEX in North America and co-author of the study.


The results suggest a potential shortfall by others in the Fortune 1000 in assessing cyber risk, Keegan said. “If you’re a passenger in an airplane and you see the pilot putting on a parachute, it’s probably a good idea to take notice.”

Other key findings of the study include:

  • The tech/telecom sector disclosed several cyber exposures at a significantly higher rate than the Fortune 1000, including: loss or disclosure of confidential information, loss of reputation, malicious acts and cyber liability.
  • In detailing cyber risk remedies, 44% of tech/telecom companies cited the use of technical safeguards. However, 20% of tech/telecom companies report inadequate resources to limit cyber losses. This indicates that technical protections may not be sufficient to contain some cyber or technology threats.
  • 11% of the sector indicated they purchased insurance for cyber exposures. In Willis’s view the rate of cyber insurance may be substantially higher, particularly among some sub-sectors.

Commenting on the study, Sara Benolken, Willis’s Global Industry Leader for Technology, Media and Telecommunications said, “The issue of cyber vulnerability through vendors has been thrust into the spotlight following news reports that a recent breach at a major retailer was through a vendor’s access to the retailer’s systems. Awareness of outsourced vendor exposure needs to be high on the radar of all tech and telecom firms.”

Copyright © 2017 Transcontinental Media G.P.