Cyber attacks and data loss are the top risks facing directors and officers, with COVID-19 and the forced change in working practices serving to heighten the concerns, said Willis Towers Watson recently when releasing results of a survey.
The survey, covering UK, Europe, Asia Pacific, and the US and jointly conducted with law firm Clyde & Co, identifies the key risks for directors across the globe with cyber-attacks.
- 56% of respondents saying the risk was very significant or extremely significant.
- Data loss (49%), regulatory risk (46%), health and safety risk (41%), and the risk of employment claims (38%) make up the Top 5 risks this year
- Increased vulnerability to data loss is resulting from business moving to new procedures and systems overnight due to the COVID-19 pandemic with remote working creating a fertile ground for cyber criminals.
- Regulatory and litigation risk continues to challenge organisations with board diversity now becoming mandatory to most businesses.
- Expected concern about insolvency featured considerably lower than in the last survey despite speculation of a potential wave of insolvencies.
Asia Pacific sees stark rise in security events
In Asia Pacific, 42% of respondents stated cyber-attacks as their top concern, according to survey results.
This may be attributable to the stark rise in publicised data breach events in the region in the last 18 months, combined with the trend of tightening data protection laws, with certain jurisdictions in Asia becoming more aligned to the penalties and obligations set out in the GDPR, Jennifer Tiang, Regional Cyber Leader for Asia at Willis Towers Watson pointed out.
This February, for example, Singapore introduced harsher penalties and mandatory reporting obligations for significant data breach events under its Personal Data Protection Act, she observed.
Cyber attack a much broader issue
The survey results reflect the growing realisation that cyber risk is not simply an issue to be handled by an organisation’s IT team, Tiang said.
“From cyber-attack to data loss, the financial impacts of a cyber event can be catastrophic,” she noted.
Cyber attacks and data loss is a much broader issue cutting across all spheres of business and necessarily draws together stakeholders from risk, legal and IT teams, as well as requiring awareness of all employees from the ground up and board oversight from the top down, she added.