Willis Launches Cyber Disclosure Study
Broker to Analyze U.S. Public Companies Response to Recent SEC Guidelines on Cyber Exposures
NEW YORK--(BUSINESS WIRE)-- Willis Group Holdings (WSH), the global insurance broker, said today it launched a proprietary study to monitor how U.S. public companies are responding to the U.S. Securities and Exchange Commissions (SEC) new guidance on cyber exposure disclosures.
The recent formal guidance from the SECs Division of Corporate Finance calls on public companies to address their exposure to cyber attacks and disclose how they will respond financially to the potential loss.
In Willis view, for the SEC to single out any one area of exposure for specific financial disclosure by public companies is rare, making the formal guidance that public companies provide detailed information about their potential exposure to cyber attacks a major event and possibly a game changer for some public firms as it impacts how firms view and measure materiality. The SEC intended the new disclosures to help investors understand the risk/reward relationship in the enterprises in which they potentially invest. The Commissions guidance includes a non-exclusive list of specific, detailed elements for cyber exposure disclosure both pre- and post-attack.
Willis is launching its study to coincide with the first round of financial disclosures for accelerated filers, representing roughly 750 firms, including some of the biggest U.S. companies. The study will continue through 2012 and beyond, eventually capturing information from all U.S. public companies with respect to cyber disclosure. The initiative is part of Willis strategy to help organizations better understand and evaluate cyber risk, while adding to a firms ability to understand where they sit when measured against their peers. In Willis view there are real risks to organizations related to cyber exposure and potentially additional risks to directors and officers with this new disclosure guidance. One goal of the Willis study is to help organizations track the emerging disclosure standards being applied.
Willis will monitor key Information and data points including:
- How the cyber exposures of each organization are quantified in terms of the impact on the firms business and reputation
- Whether new disclosures of past cyber hacking events (possibly due to a broader interpretation of materiality in the SECs guidance) are required
- The role of interdependencies among clients, customers and vendors
- The challenges and costs of remediation
- How (and if) relevant insurance coverage is disclosed
The Willis Study will consider the variations in these initial disclosures between all filers as well as between companies in the same industry with similar corporate footprints. In addition, Willis will examine Fortune 500 companies both as a group and across industries as we consider the new disclosures in the energy, financial, health care, hospitality, manufacturing, retail, technology and transportation sectors, along with select subsectors.
Commenting on the survey, Geoffrey K. Allen, Executive Vice President, Cyber Risk and E&O Product Team Leader, FINEX, North America, said, Willis believes this information much of it never before disclosed will yield some very interesting results and be an important guide for companies in assessing their exposures at a macro level. In addition, in the early stages of the development of cyber risk disclosure it is important for companies to understand what their peers are doing so they can be among the best.
Willis intends to share detailed and sector-related summary report conclusions with clients on a quarterly basis, and will make executive summaries available publicly beginning May 2012. Individual companies will not be identified in the survey results.
Willis industry-leading Cyber Practice is supported by 18 professionals across North America. Teams of professionals work with organizations to develop strategic cyber risk management programs, model frequency and severity of privacy loss exposure (together with the relative cost/benefit of retaining or transferring risk to the insurance market using Willis proprietary PRISM tool), review and strengthen contracts with service provider and vendors and work with the insurance marketplace to develop innovative solutions to address the rapidly changing profile of cyber exposures.
Willis Group Holdings plc is a leading global insurance broker. Through its subsidiaries, Willis develops and delivers professional insurance, reinsurance, risk management, financial and human resource consulting and actuarial services to corporations, public entities and institutions around the world. Willis has more than 400 offices in nearly 120 countries, with a global team of approximately 17,000 employees serving clients in virtually every part of the world. Additional information on Willis may be found at www.willis.com.
Willis Group Holdings plc
Colleen McCarthy, +1-212-915-8307
Peter Poillon, +1-212-915-8084
Source: Willis Group Holdings plcCopyright Business Wire 2012