Most U.S. listed Fortune 500 firms recognize that a cyber attack would cause serious harm or adversely impact their business, but many may be overlooking critical exposures, according to a new report by Willis North America.
For example, only one out of five firms mention cyber-terror (20 percent) as a factor, despite heightened emphasis on cyber-terror by the U.S. government.
And only six percent of companies mentioned that they purchase insurance to cover cyber risks, even though recent market surveys suggest significantly higher take-up rates.
The Willis Fortune 500 Cyber Disclosure Report, 2013, tracked organizationsÃ¢â‚¬â„¢ response to SEC Guidance issued in October 2011, asking U.S. listed companies to provide extensive disclosure on their cyber exposures.
The report found that some 88 percent of the Fortune 500 are following SEC Guidelines as of April 2013 and providing Ã¢â‚¬Å“some levelÃ¢â‚¬ of disclosure regarding cyber exposures. Some 36 percent disclosed that the risk was Ã¢â‚¬Å“materialÃ¢â‚¬ or Ã¢â‚¬Å“seriousÃ¢â‚¬ .
However, some companies within particular industries that would seem to have exposures, were silent, Willis said.
Top three cyber risks identified by the Fortune 500 include:
1. Loss of theft of confidential information (65 percent)
2. Loss of reputation (50 percent)
3. Direct loss from malicious acts (hackers, virus) (48 percent)
Business Insurance has more on this story.
For additional information on theÃ‚ cyber terrorism threat, check outÃ‚ a just-publishedÃ‚ I.I.I. paper on terrorism risk.