Among Fortune 1,000 firms, insurers are one of the most-concerned industries when it comes to cyber threats, according to a new report by Willis North America, titled “The Willis Fortune 1000 Cyber Disclosure Report, 2013.”
The top three cyber risks identified by the Fortune 1,000 are privacy/loss of confidential data, reputation risk and malicious acts.
The report also divided the Fortune 1,000 into 20 industry groups to compare the disclosures of each risk, weighing the scope of the risk; how the exposure would manifest; and what protections were being employed to mitigate the risk. With respect to “perceived risk,” the report found that health care is the industry most concerned about cyber risk, closely followed by technology, insurance, telecom, life science and retail sectors.
Meanwhile, real estate, financial services funds, conglomerates, and the energy and mining sectors expressed the least concern for cyber risk.
When describing the extent of cyber risk exposures, financial institutions and technology companies rise to the top of the list disclosing distinct cyber exposures.
With respect to cyber insurance protection, the funds sector (33 percent) followed by utilities (15 percent), the banking sector and conglomerates (14 percent) reported the greatest levels of insurance. Insurance and technology sectors both disclosed the purchase of insurance coverage at 11 percent. However, the report indicated that many companies may be under-reporting the level of cyber insurance coverage based on Willis data and other industry data.
Among the Fortune 501 to 1,000, 22 percent remained silent on cyber risk. A “significant” increase compared to 12 percent of the Fortune 500 firms that remained silent in their disclosures. “The reason for this may be as companies get smaller, they see themselves as less likely targets of an attack, or it may be that smaller companies needed more time to identify their cyber exposures,” according to the report.
Commenting on the firms that remained silent, Ann Longmore, EVP, FINEX, Willis North America and co-author of the report cautions, “This is concerning because the view that firms may see themselves as less likely targets of an attack runs contrary to our experience.”
In evaluating loss-control measures, the industry groups that disclosed the greatest number of technical protections against cyber risk—including firewalls, intrusion detection, and encryption—include the technology, health care, professional services and financial institution sectors. Within financial services firms, insurance companies refer to technical risk protection 63 percent of the time.
