Willis publishes its Fortune 500 Cyber Disclosure study for 2013

Jun 13, 2013 19:51 GMT

A study published earlier this week by Willis North America, a unit of Willis Group Holdings, analyzes the top cyber threats cited by US Fortune 500 companies in response to the guidelines of the US Securities and Exchange Commission (SEC).

According to Willis, 88% of Fortune 500 organizations follow SEC Guidelines, which ask US companies to provide extensive disclosure on their cyber exposure.

On the other hand, there are some companies that are “silent,” despite the fact that they have some level of cyber risk. These silent companies include a restaurant chain, an insurance company, a pharmaceutical firm, and a health care firm.

The study shows that most US Fortune 500 companies, 65% to be more precise, are most concerned about loss or theft of confidential information. Loss of reputation is a top cyber risk identified by 50% of the organizations.

Direct losses caused by hackers and viruses are named a top risk by 48% of companies.

“Many of the results are not surprising as we know firms are actively taking steps to assess and mitigate their cyber risk, even if they have not been able to quantify a dollar amount associated with the risk,” commented Chris Keegan, senior vice president of national resource E&O and e-risk at Willis North America.

“However, we also see some surprising results which suggest some firms may be overlooking critical exposures. For example, only one out of five firms mention cyber-terror (20%) as a factor, despite the heightened emphasis on cyber-terror by the U.S. government,” Keegan said.

“In addition, only one out of ten firms detailed cyber threats caused by the acts of outsourced vendors. This runs contrary to what we see in our day-to-day practice given the high frequency of cyber events stemming from outsourced vendors.”

The complete 2013 Willis Fortune 500 Cyber Disclosure Study can be downloaded from here (registration required).