
US companies still underestimate impact of data breaches, says Hiscox report

Over a third of Fortune 500 companies surveyed fail to disclose the risk

NEW YORK – Thirty-eight percent of Fortune 500 companies surveyed in a new report from Hiscox (LSE: HSX), the international specialist insurer, fail to acknowledge the threat of a data breach in the Risk Factors section of their SEC 10-K filing. Additionally, of the companies that do include the risk of a data breach in their 10-K, 26 percent fail to mention the consequential financial impact, while a further 49 percent fail to identify the reputational impact.

The research focused on the most recent 10-K filings of nearly 250 Fortune 500 companies in industry sectors, such as air travel, banking, healthcare, retail and utilities, that would be expected to handle significant amounts of personal data. It also found that:

  • Less than half (48 percent) of the specialty retailers in the Fortune 500 mention privacy or data security in the Risk Factors section of their 10-K
  • Only 20 percent of companies in the gas and electric utilities sector make similar mention

“Criminals today know that the real money is no longer to be found in bank safes but on company computers where access to one system could net the confidential information of millions of individuals, leading to fraud on a grand scale,” said Jim Whetstone, Senior Vice President, Hiscox.  “Our research shows that corporate America appears to still be far more concerned with identifying the conventional risks such as fire and flood to their business and has not yet fully accepted the extensive financial and reputational damage that a data breach and loss of confidential information can cause.”

“As cyber criminals become more adept at circumventing security technology and security breaches grow in scope and scale, it is key that US companies recognize the risk and do everything practical to protect sensitive company and customer information.”

The report also examined, in a snapshot survey of 60 companies, whether they had implemented end-to-end encryption. “While there remains no single technology solution to data breaches, we believe it is evident that a defense-in-depth approach to security must extend beyond firewalls and intrusion detection to the next layer - encryption of this information, both while in transit and at rest.” This research found that only 7 percent of companies surveyed had encrypted all of their data despite nearly half having suffered some form of data breach.

“Data breaches are becoming more frequent, sophisticated and financially damaging to US companies,” added Whetstone. “These findings emphasize the need for better collaboration between risk management, IT and legal departments to properly assess this exposure and how it is addressed.”

The full report and methodology of the Hiscox data privacy report can be viewed here.

 Ends

For further information please contact:

Cubitt Jacobs & Prosek Communications, New York

Caroline Harris 

212 279 3115 x.222

charris@cjpcom.com

 

Josette Robinson

212 279 3115 x.212

jrobinson@cjpcom.com

Key findings from the Hiscox data privacy report include:

10-K Risk Factors:

  • 38 percent of Fortune 500 companies do not explicitly mention privacy/data breach in the Risk Factors section of their SEC 10-K filing
  • Of the companies that did include the risk of a data breach in their 10-K, 26 percent failed to mention the potential financial risk
  • 49 percent of companies surveyed failed to identify the reputational risk

Encryption:

  • In a separate review of 60 US companies, only 7 percent had implemented end-to-end encryption of sensitive data
  • 42 percent of the companies assessed had suffered a data breach
  • 47 percent of companies surveyed had not fully implemented laptop encryption
  • 29 percent of companies had not fully implemented backup tape encryption

About Hiscox

Hiscox, the international specialist insurer, is headquartered in Bermuda and listed on the London Stock Exchange (LSE:HSX). There are three main underwriting parts of the Group: Hiscox London Market, Hiscox UK and Europe, and Hiscox International. Hiscox London Market underwrites internationally traded business in the London Market, generally large or complex business which needs to be shared with other insurers or needs the international licences of Lloyd's. Hiscox UK and Hiscox Europe offer a range of specialist insurance for professionals and business customers, as well as high net worth individuals. Hiscox International includes operations in Bermuda, Guernsey and the USA. Hiscox Insurance Company Limited, Hiscox Underwriting Limited and Hiscox Syndicates Ltd are regulated by the Financial Services Authority.

For further information, visit www.hiscox.com

The ability of syndicates at Lloyd’s of London to do business in the USA and US territories is restricted because they are not US-based insurers.  This communication provides general information on Hiscox’s products and services only and is not intended to be, and does not constitute, a solicitation of business by syndicates at Lloyd’s of London from or in respect of the USA or US territories.

Enquiries as to insurance or other products or services from US residents should be directed to an insurance agency or broker licensed to conduct business in the relevant US state, and anyone requiring further information about an insurer’s ability to do business in the USA and US territories should contact an appropriate insurance intermediary for advice.