Tech Firms Point to Dependence on Outsourced Vendors as Cyber
Tech Companies’ 10K Disclosures Detail Key Cyber Exposures
Part of Willis Series Analyzing Cyber Risk Disclosure in Public
NEW YORK, March 3, 2014 – In a study of public documents, Willis Group Holdings plc (NYSE:
WSH), the global risk advisor, insurance and reinsurance broker found that technology and
telecommunications companies estimated their cyber exposures at higher levels than others in
the Fortune 1000, an indication that those firms may be underestimating their cyber risk
The Willis Special Report: 10K Disclosures – How Technology and Telecom Companies
Describe Their Cyber Liability Exposures, published today, examines cyber risk disclosures
made by the technology and telecommunications (tech/telecom) sector of the Fortune 1000.
The study is part of an ongoing Willis series reporting on how U.S. public companies are
describing their cyber risks in financial documents.
“We looked at how tech companies estimate their own cyber exposures, and they’re seeing
higher frequency and severity of exposure than others in the Fortune 1000,” said Ann Longmore,
the head of D&O, Fiduciary, and EPL Products for Willis FINEX in North America and co-author
of the study.
“Significantly, they are twice as concerned about outsourced vendor risk,” Longmore added.
The study found that tech/telecom companies reported concerns about the potential for
outsourced vendor risk at a rate more than double other large corporations (25% versus 12%).
Outsourced vendors are comprised of any organization providing data, IT or security services.
“We find this compelling because these companies are by and large the cyber vendors for the
rest of the Fortune 1000. They’re seeing a big risk involving their own kind,” Longmore said.
“Technology and telecommunications providers that are at the heart of our cyber infrastructure –
which, increasingly, is our business infrastructure – are indirectly telling us that our
dependencies on vendors may make us more vulnerable than many companies realize. The
awareness of that vulnerability – or lack of awareness – may have a bearing on liability in this
area as well,” said Christopher Keegan, Senior Vice President, National Resource E&O and e-
risk, Willis FINEX in North America and co-author of the study.
The results suggest a potential shortfall by others in the Fortune 1000 in assessing cyber risk,
Keegan said. “If you’re a passenger in an airplane and you see the pilot putting on a parachute,
it’s probably a good idea to take notice.”
Other key findings of the study include:
The tech/telecom sector disclosed several cyber exposures at a significantly higher rate
than the Fortune 1000, including: loss or disclosure of confidential information, loss of
reputation, malicious acts and cyber liability.
In detailing cyber risk remedies, 44% of tech/telecom companies cited the use of
technical safeguards. However, 20% of tech/telecom companies report inadequate
resources to limit cyber losses. This indicates that technical protections may not be
sufficient to contain some cyber or technology threats.
11% of the sector indicated they purchased insurance for cyber exposures. In Willis’s
view the rate of cyber insurance may be substantially higher, particularly among some
Commenting on the study, Sara Benolken, Willis’s Global Industry Leader for Technology,
Media and Telecommunications said, “The issue of cyber vulnerability through vendors has
been thrust into the spotlight following news reports that a recent breach at a major retailer was
through a vendor’s access to the retailer’s systems. Awareness of outsourced vendor exposure
needs to be high on the radar of all tech and telecom firms.”
Click here to download a free copy of the report.
Willis Group Holdings plc is a leading global risk advisor, insurance and reinsurance broker.
With roots dating to 1828, Willis operates today on every continent with more than 18,000
employees in over 400 offices. Willis offers its clients superior expertise, teamwork, innovation
and market-leading products and professional services in risk management and transfer. Our
experts rank among the world’s leading authorities on analytics, modelling and mitigation
strategies at the intersection of global commerce and extreme events. Find more information at
our Website, www.willis.com, our leadership journal, Resilience, or our up-to-the-minute blog on
breaking news, WillisWire. Across geographies, industries and specialisms, Willis provides its
local and multinational clients with resilience for a risky world.