Companies in the retail sector report their cyber exposures at higher levels than their Fortune 1000 counterparts, according to a study of public documents published Wednesday by Willis Group Holdings P.L.C.
The report, “Willis Special Report: 10K Disclosures – How Retail Companies Describe Their Cyber Liability Exposures,” says a total of 57% of retailers in the Fortune 1000 describe their cyber exposures as significant, serious, material or critical, compared with 43% of nonretail firms.
The study also found that 6% of retail firms in the Fortune 500 and 11% of retail firms in the Fortune 51-1000 segment remained silent on the issue of cyber exposure in their public documents.
“We were surprised, given the history of the segment for being the target of breaches, that any companies were silent on this issue,” says the report.
The report also described the top cyber risks identified by the Fortune 1000, which were headed by privacy and loss of confidential data, cited by 74%; reputation risk, cited by 66%; and cyber liability, cited by 61%.
The report found that 17% of retail companies report inadequate resources to limit cyber losses, “which usually indicates that technical protections may not be sufficient to contain the effects of some cyber or technology events.”
A total of 9% of retail companies said they purchase insurance for their cyber exposures, although the report states “we believe that rate might be substantially higher.”
Commenting on the report, Ann Longmore, New York-based executive vice president of FINEX for Willis North America Inc. and co-author of the report, said in a statement, “The results underscore a potential shortfall by some firms in the retail sector in assessing cyber threats.
“In addition to the potential impact a cyber-event could have on their operations, firms that fail to disclose known cyber risks in their public disclosures could face additional exposures in the form of directors and officers liability suits, should a loss occur,” she said.
Copies of the report are available here.