Cyber Risk Disclosure On The Rise

Cybersecurity continues to be a top priority for management. PwC’s 2016 Global Economic Crime Survey found that “61% of CEOs [in the survey] are concerned about cyber security.” However, “only 37% of respondents […] have a fully operational incident response plan.”

Information from the risk factors of Russell 3000 companies also indicates that cybersecurity is still a growing concern. In 2015, 89% of companies disclosed some form of cybersecurity risk. That number rose to 93% of Russell 3000 companies as of November 15, 2016.

cyber-table-11-23-16Cybersecurity disclosure has increased across all industries. Two industries have almost 100% reporting. All but one company in each the Construction and Retail Trade industries disclosed cybersecurity concerns in their risk factors.

Company concerns are well founded. Public companies have reported 46 data breaches in 2016. This is up from 43 in 2015, though well below the high of 59 in 2014. This year also saw the largest data breach of a public company. On September 22, 2016, Yahoo Inc. disclosed the breach of more than 500 million accounts. Though the breach did not impact financial information, it may still have major repercussions. The breach has resulted in 23 class action lawsuits and has reportedly clouded Verizon Communication’s acquisition of Yahoo.

cyber-graph-11-23-16Cybersecurity is an ever present risk for all stakeholders. During times of increased consumer activity, that risk grows. So, as we progress to the holiday shopping season, it will be important for public companies to not only focus resources on helping customers buy merchandise, but to also protect consumer data. And if a company unfortunately does fall victim to a cyber threat, companies must address and properly disclose those cyber incidents to all stakeholders.