Nearly 10 percent of retail firms have not reported any cyber security exposure to the SEC since 2011, Willis Group says.
Nearly 60 percent of retail companies describe their cyber security exposure as "significant," "serious," or "critical," but another 9 percent are not reporting any cyber security exposure at all, according to a report published Wednesday.
According to a study of filings with the Securities and Exchange Commission conducted by risk advisor and insurance broker Willis Group Holdings, almost a tenth of retailers have not reported any cyber risk in financial documents filed with the SEC, which has required such reporting since Oct. 2011. The report describes the non-disclosure as "surprising," given the high-profile breaches recently discovered at retail chains such as Target, Michaels, and Neiman-Marcus.
Among those that did report cyber exposure, the top three risks cited were privacy/loss of confidential data (74%), reputation risk (66%), and cyber liability (61%). Cyber risk at the hands of outsourced vendors ranked at just 9%, a result Willis also describes as "surprising," given the level of outsourcing across the sector and retailers' heavy reliance on third-party technology partners.
Almost half (49%) of retail companies cited the use of technical safeguards as a chief remedy for cyber risk -- more than the Fortune 1000 as a whole (43%), the report states. However, 17% of retail companies reported inadequate resources to limit cyberlosses.
Less than one tenth (9%) of the retail sector indicated that they have purchased insurance for cyber exposures.
Chris Keegan, senior vice president for e-risk at Willis North America and co-author of the report, says the retail industry is "slightly behind the curve" in protecting itself against cyber security threats.
"A series of recent high-profile cyber breaches has pointed a government spotlight at the sector, and Willis expects this scrutiny to continue," Keegan says. "Our advice for retailers is: Don’t wait for the SEC to come knocking on your door."
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024