Interesting story here on Law360 from the team at Willis Towers Watson PLC and Clyde & Co.LLP

It seems that company directors are most concerned about cyberattacks and data loss issues according to this joint study by the insurance giant and the law firm.

Cyberattacks were ranked top of the five risks named in the survey with 56% of respondents rating it as very significant or extremely significant. Data loss came in second with 49%, and regulatory risks was third with 46%. Health and safety risks came in at 41% followed by employed claims at 38%.

The results are certainly very interesting, but I would say what is most interesting of all is the interconnected nature of many of these risks.. For instance, often with cyberattacks you get data loss (e.g. if data is exfiltrated as part of an attack or is destroyed as part of the attack – for example ransomware).

There is also a regulatory angle we should consider too. With GDPR and similar laws really starting to bite now, if the cyberattack/data loss touches on personal data, then the problems really can be exacerbated.

This study is a good recognition that this is now a board level issue. However - saying that - there are 44% who think they have it sorted. In which case there is either a high risk of complacency or they don’t think it is a risk and therefore have their heads stuck in the sand. This to me is a big concern.

If you want to know more about managing cyber risk, then Lorenzo Grillo would be the best person to talk to.