Once again, cyber-related risks dominate the perceived risks in the survey results from North America. Once again the top 3 risks for directors and officers were tabulated to be “cyber attack” (73% concerned, up from 64% in 2022), “data loss” (68%, up from 62%) and “cyber extortion” (60% up from 54%). The 4th and 5th positions were taken by 2 newly introduced specific cyber-related risks: “cyber crime” (55% concerned) and “sufficient cyber expertise at board level” (38%), both new sub-topics worrying North Americans more than directors and officers in any other region. As we observed last year, while North America has seen many headlines relating to cyber risks (particularly cyber extortion), it is still debatable whether in dollars and cents cyber-related risks for directors and officers deserve all of the top spots on the risk survey. Basically, there aren’t any aspects of cyber risk that are NOT a concern.
73% Cyber Attack
68% Data Loss
60% Cyber Extortion
Coming in at number 6 for North America on the survey was “regulatory breach” (36%), which was also in the top 7 (with higher percentages) for every other region except Australasia. The 7th biggest concern for North American directors and officers was reported to be the state of “systems and controls”; directors and officers are evidently concerned that a failure in systems and controls can lead to various serious problems, including cyber breaches and corporate derivative lawsuits. It should be noted, however, that with regard to all of the other sub-categories related to “governance”, North Americans expressed less concern than all of the other regions (except Australasia).
“Social engineering crime”, the 8th concern in North America, was in a virtual dead heat with “regulatory breach” and “systems and controls”, also scoring a 36% concern level (same as in 2022, when it was the number 5 concern). While social engineering was a substantial concern everywhere except Australasia, it didn’t make anyone’s top 7.
Concerns which were in the top 7 last year and have dropped down the list include COVID-related issues (down from 38% to 19%, for obvious reasons as time goes on) and supplier business practices (down from 33% to 28%, perhaps due to an easing of supply chain issues). Meanwhile, while concerns about climate change rose from 18% to 26% in 2023, North America is still dead last in its concern on this topic.
Looking at “business operation risks” (as opposed to director and officer risks), unsurprisingly North Americans ranked “cyber risks” at the top (75%) and “climate risks” at the bottom (22%), other than Brexit (2%). The #2 and #3 risks identified were “regulatory/legislative change” (60%) and “economic risks” (55%) respectively.
On the insurance coverage side, the #1 concern in North America continues to be “choice of lawyer” (75%), an issue which concerns Europeans and Australasians to a lesser extent and doesn’t make the top charts elsewhere. The second greatest concern, “cover for claims in all jurisdictions” (72%), made the top 7 in every region except Australasia. Number 3 is “cover for cybersecurity-related risks” (70%), a new survey choice which scored high in every region except GB. Interestingly, the 7th highest insurance coverage concern in North America, ‘a broad definition of who is insured” (60%), was a major concern in every region (other than Asia), despite the possibility that broad definitions can dilute available coverage for core insured persons.