In a recent Willis Report: “Some Fortune 1000 Retailers Remain Silent on Cyber Threats”, Willis explain how the Retail industry compares to the Fortune 1,000 companies in their approach to Cyber Liability.
When describing the extent of cyber risk
- 57% of retail firms disclosed their cyber exposures as significant, serious, material or critical, according to the study
- 9% of the firms did not disclose any risks related to cyber exposures
Willis describe the results as
surprising” given that the retail industry has been the target of many of the highest profile system breaches to date, resulting in some of the largest losses, the report said
Other key findings of the report include:-
The top three cyber risks identified by the retail sector of the Fortune 1000 include:
- 74% privacy/loss of confidential data
- 66% reputation risk
- 61% cyber liability
9% cyber risk at the hands of “outsource vendors” which Willis described as “surprising” given the level of outsourcing across the sector and the reliance on third-party technology partners
In detailing cyber risk remedies
- 49% of the retail companies cited the use of technical safeguards — more than the Fortune 1000 as a whole (43%)
- 17% of retail companies reported inadequate resources to limit cyber losses, a potential “cause for concern,” as technical protections may not be sufficient to contain the effects of some cyber or technology events, Willis said.
9% of the sector indicated they purchased insurance for cyber exposures.
In Willis’s view the actual rate of cyber insurance may be substantially higher based on additional Willis data obtained in collaboration with insurance underwriters. This places them below
- The funds sector (33%)
- Utilities (15%)
- Banking and conglomerates tied at 14% each)
- Tech/telco and insurance (11%)
- The media industry (10%)
The increasing frequency of “point-of-sale” breaches and “do-not- class-action law suits are described as an evolving cyber exposure.
The full report can be found here.