Companies that reported cyber incidents during the analysis period have higher risk, as measured by significantly lower ISS Cyber Risk Scores, than firms with no reported incidents.

August 20, 2024

Managing Cyber Risk: Breach Risk Trends in Public Companies

Below is an excerpt from ISS-Corporate’s recently released paper “Managing Cyber Risk: Breach Trends in Public Companies”. The full paper is available for download from the ISS-Corporate online library.

Introduction

In the two years leading up to January 2024, almost 700 cyber incidents were reported among Russell 3000 companies in the U.S., impacting more than 10% of the firms. One-third of those involved the compromise of a supplier or other third party, and the study also identified substantial third-party aggregate risk concentration across Russell 3000 firms.

KEY TAKEAWAYS

  • One-third of reported incidents among Russell 3000 firms involved a supplier or other third-party relationship, and incidents that impacted a large number of individuals were more likely to have a third party as the root cause.
  • Aggregate risk exposure across the index is high, with more than 90% of Russell 3000 firms utilizing certain third-party technologies, and more than 1,000 unique supplier/technology pairings each being utilized by more than 10% of constituent companies.
  • Companies that reported cyber incidents during the analysis period have higher risk, as measured by significantly lower ISS Cyber Risk Scores, than firms with no reported incidents.
  • Of those firms reporting an incident, the score effectively rank-orders incident risk by severity, as measured by the number of individuals impacted.


By:
Douglas Clare, Managing Director, Cyber Strategy, ISS-Corporate
Brian O’Leary, Senior Associate, Cyber Advisory, ISS-Corporate
