Willis Group Holdings (NYSE: WSH), the global insurance broker, said today it launched a proprietary study to monitor how U.S. public companies are responding to the U.S. Securities and Exchange Commission’s (SEC) new guidance on cyber exposure disclosures. The recent formal guidance from the SEC’s Division of Corporate Finance calls on public companies to address their exposure to cyber attacks and disclose how they will respond financially to the potential loss. In Willis’ view, for the SEC to single out any one area of exposure for specific financial disclosure by public companies is rare, making the formal guidance that public companies provide detailed information about their potential exposure to cyber attacks a major event – and possibly a game changer for some public firms as it impacts how firms view and measure “materiality.” The SEC intended the new disclosures to help investors understand the risk/reward relationship in the enterprises in which they potentially invest. The Commission’s guidance includes a non-exclusive list of specific, detailed elements for cyber exposure disclosure both pre- and post-attack. Willis is launching its study to coincide with the first round of financial disclosures for accelerated filers, representing roughly 750 firms, including some of the biggest U.S. companies. The study will continue through 2012 and beyond, eventually capturing information from all U.S. public companies with respect to cyber disclosure. The initiative is part of Willis’ strategy to help organizations better understand and evaluate cyber risk, while adding to a firms’ ability to understand where they sit when measured against their peers. In Willis’ view there are real risks to organizations related to cyber exposure and potentially additional risks to directors and officers with this new disclosure guidance. One goal of the Willis study is to help organizations track the emerging disclosure standards being applied. Willis will monitor key Information and data points including:
- How the cyber exposures of each organization are quantified in terms of the impact on the firm’s business and reputation
- Whether new disclosures of past cyber hacking events (possibly due to a broader interpretation of materiality in the SEC’s guidance) are required
- The role of interdependencies among clients, customers and vendors
- The challenges and costs of remediation
- How (and if) relevant insurance coverage is disclosed
Commenting on the survey, Geoffrey K. Allen, Executive Vice President, Cyber Risk and E&O Product Team Leader, FINEX, North America, said, “Willis believes this information – much of it never before disclosed – will yield some very interesting results and be an important guide for companies in assessing their exposures at a macro level. In addition, in the early stages of the development of cyber risk disclosure it is important for companies to understand what their peers are doing so they can be among the best.”Willis intends to share detailed and sector-related summary report conclusions with clients on a quarterly basis, and will make executive summaries available publicly beginning May 2012. Individual companies will not be identified in the survey results. Willis’ industry-leading Cyber Practice is supported by 18 professionals across North America. Teams of professionals work with organizations to develop strategic cyber risk management programs, model frequency and severity of privacy loss exposure (together with the relative cost/benefit of retaining or transferring risk to the insurance market using Willis’ proprietary PRISM tool), review and strengthen contracts with service provider and vendors and work with the insurance marketplace to develop innovative solutions to address the rapidly changing profile of cyber exposures. About Willis Willis Group Holdings plc is a leading global insurance broker. Through its subsidiaries, Willis develops and delivers professional insurance, reinsurance, risk management, financial and human resource consulting and actuarial services to corporations, public entities and institutions around the world. Willis has more than 400 offices in nearly 120 countries, with a global team of approximately 17,000 employees serving clients in virtually every part of the world. Additional information on Willis may be found at www.willis.com.