Willis to study how U.S. companies respond to federal guidance around cyber attacks

Willis Group Holdings is looking to get a fix on how U.S. companies are responding to federal guidance around cyber attacks, information that can be used by an organization to better assess risk at the macro level and see how it stacks up against its peers.

The global insurance broker has launched a proprietary study to monitor reaction to formal guidance from the U.S. Securities and Exchange Commission that calls on companies to address their exposure to cyber attacks and disclose how they would respond financially to any potential loss. The SEC wishes to monitor how cyber exposures are quantified and how — or if — relevant insurance coverage is disclosed.

The pre- and post-attack disclosures are intended to help investors understand the risk/reward relationship in the enterprises in which they potentially invest.

But providing the detailed information represents “a major event – and possibly a game-changer for some public firms as it impacts how firms view and measure ‘materiality,’” notes a statement from Willis Group. There are real risks related to cyber exposure and potentially additional risks to directors and officers, the company adds.

The study continues through 2012 and beyond. It will consider variations in initial disclosures among all filers as well as among companies in the same industry with similar corporate footprints. Detailed and sector-specific conclusions are anticipated to be shared with clients on a quarterly basis, with executive summaries released publicly starting in May.