For business executives in the United States and Canada, cyberattacks are now the number one risk to doing business, according to the recent World Economic Forum (WEF) report Regional Risks for Doing Business 2018.
Jeremy S. Platt, Managing Director and Cyber Solutions Specialty Practice Leader at Guy Carpenter, says: “2017 was an important year in cybersecurity because businesses around the globe learned firsthand how far-reaching and devastating a cyberattack can be on a business. Last year, WannaCry and Petya/NotPetya proved the speed and breadth at which cyberattacks were able to cause widespread disruption, damages and loss at magnitudes not previously considered.”
A similar study by WEF, Global Risks Report 2018, notes that the WannaCry ransomware attack affected 300,000 machines across 150 countries and Petya/NotPetya caused significant corporate losses. According to the study, some individual multinational companies reported losses of around USD 300 million in a single quarter in 2017.
“WannaCry and Petya/NotPetya cyberattacks forced the reinsurance community to take a hard look at affirmative Network Security and Privacy offerings in addition to the potential exposures to cyber risk that may be lurking in traditional property and casualty policies where cyber exposure may be unintended or ’silent,’” says Mr. Platt.
According to the WEF, the pace and scale of cyberattacks are increasing rapidly. In Canada, 87 percent of businesses reported being the victim of a successful breach in 2017. In early 2018, in a hearing before the Senate Select Committee on Intelligence, the U.S. Director of National Intelligence cited cyber vulnerability as a top risk for government and businesses.
The Regional Risks for Doing Business 2018 report says the risk of “data fraud or theft” is also a concern in the region, ranking third in the United States and seventh in Canada. Of the Canadian companies that experienced a cyberattack in 2017, almost half lost sensitive data. The report adds that in 20 percent of cases, sensitive customer or employee data was exposed.
In the United States, a majority of the population - 65 percent - has experienced a personal data breach according to the Pew Research Center. Concerns about data-related risks in the United States may also have been heightened by widespread reporting about the exploitation of social media networks for political purpose, the study says.
New regulatory regimes have emerged that govern personal data privacy and (re)insurers’ obligations for protecting customer and company data. In June 2017, the state of California adopted the California Consumer Privacy Act of 2018. The law goes into effect on January 1, 2020, allowing lawmakers to propose changes before it becomes enforceable. Compliance with the law will most likely increase the costs of doing business.
In Canada, recently passed Canadian legislation will require companies covered under federal law to report data breaches to customers, affected third parties and the federal privacy commissioner, according to Regional Risks for Doing Business 2018.
Download WEF’s Regional Risks for Doing Business 2018 >>
Guy Carpenter’s parent company, Marsh & McLennan Companies, is a strategic partner of the World Economic Forum (WEF) on the global risks agenda.