It is virtually impossible to do business today without using technology and telecommunications, both directly and indirectly, in the delivery and payment of goods and services. “Critical infrastructure” is what the federal government labeled this sector.
So we were particularly interested in how this group of companies responded to the call from the U.S. Securities and Exchange Commission for U.S. public companies to disclose their potential exposure to cyber hack attacks.
Tech/Telecom, the Canary in the Coal Mine?
Our recent Special Report on disclosures by the technology and telecommunications (tech/telecom) sector of the Fortune 1000 surfaced some interesting issues—the most important of which may be what other companies didn’t say in their corporate disclosures concerning their own cyber exposures.
Compared with other Fortune 1000 companies, tech/telecom firms reported in significantly higher numbers that their cyber risk is significant, serious, material or critical. This is interesting in itself, but even more so given the likelihood that these tech/telecom firms count many or most other Fortune 1000 companies as their clients—implying interconnected if not overlapping exposures.
What Kinds of Cyber Risks?
We found similar heightened disclosures by tech/telecom firms versus the Fortune 1000 (their clients and customers) when it came to how individual cyber risks might be manifested (see chart, right).
It may seem positive that, when it came to remedies to these exposures, tech/telecom companies cited the use of technical safeguards on par with the rate disclosed by Fortune 1000 companies as a whole: 44%. But 20% of tech/telecom companies report inadequate resources to limit cyber losses, so any sense of relief may be premature.