Businesses outside the US are insufficiently concerned about the risk of malicious cyber attack, according to a new report from Lloyd’s of London.
The insurance market’s Risk Index 2011 report, based on a survey of over 500 global executives, found that the risk of cyber attack moved up the global list of business concerns from number 20 in 2010 to number 12 this year. But this was still "relatively low given the frequency and potential impact of the risk", the report claimed.
The risk of malicious cyber attack ranked as the fourth highest concern among US businesses, behind loss of customers, reputational risk and changing legislation. But in Europe, it ranked 14th; in Asia-Pacific it was 20th and in the rest of the world it was 23rd.
The Lloyd’s report argues that non-US business are failing to face up to the real risk of cyber attack. "Businesses should consider making the need to protect themselves and their customers a much greater priority," it says.
"The evidence of the last two years is incontrovertible," the report reads. "So far, 2011 has seen the hacking of state networks from India to Brazil. For businesses, the incidence and frequency of data breaches have been even more unrelenting; Nintendo, CityGroup, Honda, Toshiba, Pfizer, Sony Playstation, Sega, Nokia, the Hong Kong Stock Exchange, Lockheed Martin and Google."
"Given the roll call of recent victims, even large businesses need to ask if they really understand the nature of the risk to which they are exposed. Are they, in fact, spending money on the right things?"
However, the report also reveals that the risk of cyber attack is now a commercial opportunity for insurers – Lloyd’s of London’s target market. "In March 2011, Lloyd’s insurer Kiln and broker Lockton joined forces to provide cyber insurance to small and medium-sized online retailers."