NU Online News Service, April 20, 3:50 p.m. EDT
U.S. companies are continuing to underestimate the impact of data breaches and have not disclosed what their exposure to such risk is, according to a new survey.
The findings were reported by Bermuda-based specialist insurer Hiscox, which said that 38 percent of the major companies it surveyed failed to acknowledge the threat of a data breach in the Risk Factors section of their Securities and Exchange Commission 10-K filing.
Additionally, Hiscox said that of the companies that do include the risk of a data breach in their 10-K, 26 percent fail to mention the consequential financial impact, while a further 49 percent fail to identify the reputational impact.
The research focused on the most recent 10-K filings of nearly 250 Fortune 500 companies in industry sectors, such as air travel, banking, health care, retail and utilities, that would be expected to handle significant amounts of personal data. It also found that:
o Less than half (48 percent) of the specialty retailers mention privacy or data security in the Risk Factors section of their 10-K.
o Only 20 percent of companies in the gas and electric utilities sector make mention of privacy or data security as a risk factor.
Jim Whetstone, Hiscox senior vice president, said, "Criminals today know that the real money is no longer to be found in bank safes but on company computers where access to one system could net the confidential information of millions of individuals, leading to fraud on a grand scale."
Mr. Whetstone added that the Hiscox survey demonstrates that "corporate America appears to still be far more concerned with identifying the conventional risks such as fire and flood to their business and has not yet fully accepted the extensive financial and reputational damage that a data breach and loss of confidential information can cause."
He noted, "As cyber criminals become more adept at circumventing security technology and security breaches grow in scope and scale, it is key that US companies recognize the risk and do everything practical to protect sensitive company and customer information."
In a snapshot survey of 60 companies, the report also examined whether they had implemented end-to-end encryption.
Hiscox said it believes it is "evident that a defense-in-depth approach to security must extend beyond firewalls and intrusion detection to the next layer--encryption of this information, both while in transit and at rest."
The study found only 7 percent of companies surveyed had encrypted all of their data despite nearly half having suffered some form of data breach.
"Data breaches are becoming more frequent, sophisticated and financially damaging to U.S. companies," said Mr. Whetstone. "These findings emphasize the need for better collaboration between risk management, IT and legal departments to properly assess this exposure and how it is addressed."
The full report is online at www.hiscox.com.