Willis Study: Tech Firms Point to Dependence on Outsourced Vendors as Cyber Threat

Tech Companies' 10K Disclosures Detail Key Cyber Exposures

Part of Willis Series Analyzing Cyber Risk Disclosure in Public Documents

NEW YORK, March 3, 2014 (GLOBE NEWSWIRE) -- In a study of public documents, Willis Group Holdings plc (NYSE:WSH), the global risk advisor, insurance and reinsurance broker found that technology and telecommunications companies estimated their cyber exposures at higher levels than others in the Fortune 1000, an indication that those firms may be underestimating their cyber risk exposure.

The Willis Special Report: 10K Disclosures – How Technology and Telecom Companies Describe Their Cyber Liability Exposures, published today, examines cyber risk disclosures made by the technology and telecommunications (tech/telecom) sector of the Fortune 1000. The study is part of an ongoing Willis series reporting on how U.S. public companies are describing their cyber risks in financial documents.

"We looked at how tech companies estimate their own cyber exposures, and they're seeing higher frequency and severity of exposure than others in the Fortune 1000," said Ann Longmore, the head of D&O, Fiduciary, and EPL Products for Willis FINEX in North America and co-author of the study.

"Significantly, they are twice as concerned about outsourced vendor risk," Longmore added. The study found that tech/telecom companies reported concerns about the potential for outsourced vendor risk at a rate more than double other large corporations (25% versus 12%). Outsourced vendors are comprised of any organization providing data, IT or security services.

"We find this compelling because these companies are by and large the cyber vendors for the rest of the Fortune 1000. They're seeing a big risk involving their own kind," Longmore said.

"Technology and telecommunications providers that are at the heart of our cyber infrastructure – which, increasingly, is our business infrastructure – are indirectly telling us that our dependencies on vendors may make us more vulnerable than many companies realize. The awareness of that vulnerability – or lack of awareness – may have a bearing on liability in this area as well," said Christopher Keegan, Senior Vice President, National Resource E&O and e-risk, Willis FINEX in North America and co-author of the study.

The results suggest a potential shortfall by others in the Fortune 1000 in assessing cyber risk, Keegan said. "If you're a passenger in an airplane and you see the pilot putting on a parachute, it's probably a good idea to take notice."

Other key findings of the study include:

  • The tech/telecom sector disclosed several cyber exposures at a significantly higher rate than the Fortune 1000, including: loss or disclosure of confidential information, loss of reputation, malicious acts and cyber liability.
  • In detailing cyber risk remedies, 44% of tech/telecom companies cited the use of technical safeguards. However, 20% of tech/telecom companies report inadequate resources to limit cyber losses. This indicates that technical protections may not be sufficient to contain some cyber or technology threats.
  • 11% of the sector indicated they purchased insurance for cyber exposures. In Willis's view the rate of cyber insurance may be substantially higher, particularly among some sub-sectors.

Commenting on the study, Sara Benolken, Willis's Global Industry Leader for Technology, Media and Telecommunications said, "The issue of cyber vulnerability through vendors has been thrust into the spotlight following news reports that a recent breach at a major retailer was through a vendor's access to the retailer's systems. Awareness of outsourced vendor exposure needs to be high on the radar of all tech and telecom firms."

Click here to download a free copy of the report.

About Willis

Willis Group Holdings plc is a leading global risk advisor, insurance and reinsurance broker. With roots dating to 1828, Willis operates today on every continent with more than 18,000 employees in over 400 offices. Willis offers its clients superior expertise, teamwork, innovation and market-leading products and professional services in risk management and transfer. Our experts rank among the world's leading authorities on analytics, modelling and mitigation strategies at the intersection of global commerce and extreme events. Find more information at our Website, www.willis.com, our leadership journal, Resilience, or our up-to-the-minute blog on breaking news, WilllisWire. Across geographies, industries and specialisms, Willis provides its local and multinational clients with resilience for a risky world.

CONTACT: Media: Colleen McCarthy +1 212 915 8307 colleen.mccarthy@willis.com Investors: Peter Poillon +1 212 915 8084 peter.poillon@willis.comSource:Willis Group Holdings