Skip to main content
Press Release

More than one in 10 firms losing over $10 million due to cyberattacks according to Willis Towers Watson and ESI ThoughtLab

Cyber Risk Management

July 17, 2019

New survey highlights dramatic increase in cyber threats across the globe

ASIA PACIFIC, 17 July 2019 — Annual losses from cyberattacks averaged $4.7 million in the last fiscal year — with more than one in 10 firms losing over $10 million —according to a new report from The Cybersecurity Imperative, a global thought leadership program produced by independent researcher ESI ThoughtLab in conjunction with Willis Towers Watson (NASDAQ: WLTW) and other organizations specialized in cybersecurity and risk management.

The study covered 467 firms across multiple industries in 17 countries revealing that companies worldwide expect to boost their cybersecurity investments by 34% in the next fiscal year, after raising them by 17% the previous year. About 12% of companies surveyed plan to bolster their cybersecurity investments by over 50%. Additionally, since last year, the percentage of companies seeing a significant impact from cybercriminal activities — such as installation of ransomware — has soared, from 57% to 71%.

Peter Foster, chairman, Willis Towers Watson Global FINEX Cyber and Cyber Risk Solutions, said, “It is clear from the findings that companies are experiencing escalating impacts this year from key adversaries, including cybercriminals, malicious insiders and state-sponsored hackers, often from jurisdictions beyond the reach of local law. Establishing a continuous assessment through an integrated risk approach to cyber is critical for mitigating this ever-growing risk.”

The study also highlighted that most companies across industries and regions are witnessing a greater volume of cyber attacks and higher losses per incident. For instance, companies in China, Japan and India are seeing an estimated average loss of close to 10% of their revenue.

“Other than the direct costs such as financial expenses and fines arising as a result of cyber breaches, indirect costs such as opportunity costs, reputational damage and loss of customers can be equally or even more costly to companies. While the immediate losses from an incident may not be catastrophic, it may take more than five years for a company to feel the full financial consequences, particularly if a company has lost their competitive advantage as a market leader. It is therefore important for companies to take an integrated approach in assessing and managing their reputational risks,” added Jessica Wright, Cyber Leader Asia, Corporate Risk & Broking at Willis Towers Watson.

The research shows that to combat evolving risks, companies need to take a proactive, multi-layered defense. Firms are responding by allocating the biggest share of their budgets to technology, while seeking the right balance between investments in people and process. They are also focusing more on risk identification to address emerging vulnerabilities and are investing more in resilience to ensure they can respond quickly to successful attacks.

Other calls to action from the study include:

  • Make sure you are investing enough in cybersecurity. Some industries, such as media and consumer markets, are allocating less and may be more exposed to cyber risks.
  • Think of cybersecurity like any other existential threat to your business. The risks are not just about privacy, liability and stealing data; huge operational risks can also occur if business is interrupted, with reputational impacts that can hurt market positions.
  • Pay attention to risks from partners and your supply chain. As firms draw on ecosystems of third parties to drive digital transformation, they increase their vulnerabilities to cyber risks.
  • Be aware that legal and regulatory risks are also rising substantially. Companies that do not comply with new standards face hefty penalties and legal consequences.
  • Measure your full losses, costs and returns. When hit by a successful cyberattack, you need to understand all your costs — direct and indirect, tangible and intangible.

The survey was carried out in the spring of 2019 as part of a global research initiative titled The Cybersecurity Imperative. The current survey is a follow-up to a more comprehensive survey of 1,300 companies conducted in the fall of 2018.

For more insights on perceived threats, cybersecurity maturity and investment, the full report may be downloaded here.

About Willis Towers Watson

Willis Towers Watson (NASDAQ: WLTW) is a leading global advisory, broking and solutions company that helps clients around the world turn risk into a path for growth. With roots dating to 1828, Willis Towers Watson has 45,000 employees serving more than 140 countries and markets. We design and deliver solutions that manage risk, optimize benefits, cultivate talent, and expand the power of capital to protect and strengthen institutions and individuals. Our unique perspective allows us to see the critical intersections between talent, assets and ideas — the dynamic formula that drives business performance. Together, we unlock potential.

Contact Us
Related content tags, list of links Press Release Cyber Risk Management Hong Kong China India Japan