Cyber extortion and ransomware rising up directors’ agenda

Published on Wed, 27/04/2022 - 12:52

Cyber-attacks and data loss are the risks most concerning directors & officers, according to WTW and Clyde & Co’s latest Directors Liability survey, but extortion and ransomware are of increasing prominence.

The 2022 Directors Liability Survey Report covers risks for directors around the world and highlighted how cyber was now the dominant topic in the boardroom.

Sixty-five per cent of respondents said the risk of cyber-attack is very significant or extremely significant, while 63% said the same of data loss. Fifty-nine per cent fear very significant or extreme significant risk of cyber extortion and 49% regarding regulatory risk.

“With a volatile business environment resulting from the pandemic and geopolitical pressures it is no surprise that cyber risks are high on the list of directors’ concerns,” said Jeremy Wall, Head of Global Finex at WTW.

“Emerging risks such as climate change are also spotlighted and we believe the report will provide a great resource to support directors and risk managers when refining their risk management strategies.”

COP26, combined with increasing governmental and regulatory measures has driven up concerns around climate change risk in some regions. Climate risk has not made the top 5 risks for directors in any region covered by the survey, but it is the number six risk in the UK, Asia and Australasia.

James Cooper, Chair of the Global Insurance Practice Group and head of the Financial Institutions and D&O team at Clyde & Co, said: “What emerges in this report is a complex network of globally interconnected and evolving risks that leaders should not consider in isolation.

“Foremost in the survey is cyber risk – a multi-varied and ever-evolving risk, with a variety of significant consequences should an attack occur and data is lost. While it is no surprise that cyber-attacks and data loss lead the risk ranking once again, the emergence of cyber extortion as a perceived threat adds a further level of pressure on leaders to implement adequate cybersecurity controls and to react efficiently and effectively in the face of an attack."