For many companies, the effects of a data breach can be devastating. Given the recent push by many to go paperless and automate as many processes as possible, as well having employees walking the streets with mobile devices containing sensitive information, the number of potential breach points for criminals has grown significantly in recent years. As a result, insurers should proceed with greater caution now when pricing risk.

According to a new report from international specialist insurer Hiscox, 38% of recently surveyed Fortune 500 companies fail to acknowledge the threat of a data breach in the Risk Factors section of their SEC 10-K filing. Additionally, of the companies that do include the risk of a data breach in their 10-K, 26% fail to mention the consequential financial impact, while a further 49% failed to identify the reputational impact.

Hiscox's research focused on the most recent 10-K filings of nearly 250 companies within the Fortune 500 in those industry sectors, including air travel, banking, healthcare, retail and utilities—all sectors that would be expected to handle significant amounts of personal data.

The results of the study found that 48% of the specialty retailers in the Fortune 500 mention privacy or data security in the Risk Factors section of their 10-K; while only 20% of companies in the gas and electric utilities sector made similar mention.

"Criminals today know that the real money is no longer to be found in bank safes but on company computers where access to one system could net the confidential information of millions of individuals, leading to fraud on a grand scale," says Jim Whetstone, SVP, Hiscox. "Our research shows that corporate America appears to still be far more concerned with identifying the conventional risks, such as fire and flood, to their business, and has not yet fully accepted the extensive financial and reputational damage that a data breach and loss of confidential information can cause."

"As cyber criminals become more adept at circumventing security technology and security breaches grow in scope and scale," he adds, "it is key that U.S. companies recognize the risk and do everything practical to protect sensitive company and customer information."Additionally, the report also examined, in a snapshot survey of 60 companies, whether they had implemented end-to-end encryption.

"While there remains no single technology solution to data breaches, we believe it is evident that a defense-in-depth approach to security must extend beyond firewalls and intrusion detection to the next layer—encryption of this information, both while in transit and at rest," the report says.

This research found that only 7% of companies surveyed had encrypted all of their data, despite nearly half having suffered some form of data breach.

"Data breaches are becoming more frequent, sophisticated and financially damaging to U.S. companies," Whetstone says. "These findings emphasize the need for better collaboration between risk management, IT and legal departments to properly assess this exposure and how it is addressed."

Register or login for access to this item and much more

All Digital Insurance content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access