Security

12:49 PM
Tim Wilson, Dark Reading
Tim Wilson, Dark Reading
News
Connect Directly
RSS
E-Mail
50%
50%

Willis: Some Retail Firms Still Don't Recognize Cyber Security Risks

Nearly 10 percent of retail firms have not reported any cyber security exposure to the SEC since 2011, Willis Group says.

Nearly 60% of retail companies describe their cyber security exposure as "significant," "serious," or "critical," but another 9% are not reporting any cyber security exposure at all, according to a report published Wednesday.

According to a study of filings with the Securities and Exchange Commission conducted by risk advisor and insurance broker Willis Group Holdings, almost a tenth of retailers have not reported any cyber risk in financial documents filed with the SEC, which has required such reporting since Oct. 2011. The report describes the non-disclosure as "surprising," given the high-profile breaches recently discovered at retail chains such as Target, Michaels, and Neiman-Marcus.

Among those that did report cyber exposure, the top three risks cited were privacy/loss of confidential data (74%), reputation risk (66%), and cyber liability (61%). Cyber risk at the hands of outsourced vendors ranked at just 9%, a result Willis also describes as "surprising," given the level of outsourcing across the sector and retailers' heavy reliance on third-party technology partners.

Read the rest of this article on Dark Reading

Comment  | 
Print  | 
More Insights
Register for Insurance & Technology Newsletters
White Papers
Current Issue
Slideshows
Video