Tag Archives: SEC

Cyber Risks and the Fortune 500

Most U.S. listed Fortune 500 firms recognize that a cyber attack would cause serious harm or adversely impact their business, but many may be overlooking critical exposures, according to a new report by Willis North America.

For example, only one out of five firms mention cyber-terror (20 percent) as a factor, despite heightened emphasis on cyber-terror by the U.S. government.

And only six percent of companies mentioned that they purchase insurance to cover cyber risks, even though recent market surveys suggest significantly higher take-up rates.

The Willis Fortune 500 Cyber Disclosure Report, 2013, tracked organizations’ response to SEC Guidance issued in October 2011, asking U.S. listed companies to provide extensive disclosure on their cyber exposures.

The report found that some 88 percent of the Fortune 500 are following SEC Guidelines as of April 2013 and providing “some level† of disclosure regarding cyber exposures. Some 36 percent disclosed that the risk was “material† or “serious†.

However, some companies within particular industries that would seem to have exposures, were silent, Willis said.

Top three cyber risks identified by the Fortune 500 include:

1. Loss of theft of confidential information (65 percent)
2. Loss of reputation (50 percent)
3. Direct loss from malicious acts (hackers, virus) (48 percent)

Business Insurance has more on this story.

For additional information on the  cyber terrorism threat, check out  a just-published  I.I.I. paper on terrorism risk.

Report: More Companies Disclosing Water-Related Risks

Companies need to undertake ongoing and more robust analysis of potential water-related risks and provide more quantitative data on overall water use and financially material risks as part of their disclosures in Securities and Exchange Commission (SEC) filings, according to a new report from Ceres.

Ceres maintains that while overall corporate disclosures of water-related risks have increased since the SEC issued its climate change guidance in 2010, most reporting remains weak and inconsistent.

In its analysis of changes in water risk disclosures by more than 80 companies between 2009 and 2011, Ceres says that reporting is lacking especially in regard to data on financial impacts, quantitative water metrics and potential supply chain risks.

Ceres notes that drought and flood cycles have led to billions of dollars in losses for corporations worldwide. Drought in China in the spring of 2012 left 3.5 million people with limited or no access to drinking water and cost the affected provinces an estimated $2.3 billion. Flooding in Thailand in November 2011 cost the semiconductor industry an estimated $15-20 billion.

Here in the U.S. in early June rain inundated the Florida panhandle and coastal Alabama, resulting in more than two feet of precipitation and at least $20 million in flood damage. The region had previously been classified as in severe or extreme drought. This has led Florida officials to call for increased disclosure of risks.

A key takeaway from the report is that significantly more companies are disclosing exposure to water risk, with a focus on physical risk. Some 87 percent of companies now report physical exposure to water risk versus 76 percent in 2009, with the biggest increases coming from the oil and gas sector, according to Ceres.

The report also finds that more companies are making the connection to climate change. In 2009, only eight of the 82 companies assessed (10 percent) disclosed that climate change posed growing physical risks in the form of water scarcity, flooding or quality issues to their operations and supply chains. In 2011, that number jumped to 22 (27 percent).

Hat tip to Business Insurance for flagging this story.

The I.I.I. has information on climate change and insurance issues.