Hiscox: 38% of Fortune 500 companies fail to flag up data breach threat in 10-K filing

Bermuda-based specialist insurer Hiscox has revealed that 38 percent of Fortune 500 companies fail to acknowledge the threat of a data breach in the risk factors section of their Securities and Exchange Commission (SEC) 10-K filing.

Hiscox's report focused on the most recent 10-K filings of almost 250 Fortune 500 companies in industries that would be expected to handle significant amounts of personal data, such as air travel, banking, healthcare, retail and utilities. It also showed that, of the companies that do include the risk of a data breach in their 10-K, 26 percent do not mention the consequential financial impact, while a further 49 percent failed to identify the reputational impact.

The research also found that fewer than half (48 percent) of the specialty retailers in the Fortune 500 mentioned privacy or data security in the risk factors section of their 10-K, while only 20 percent of companies in the gas and electric utilities sector made a similar mention.

"Criminals today know that the real money is no longer to be found in bank safes but on company computers where access to one system could net the confidential information of millions of individuals, leading to fraud on a grand scale," said Jim Whetstone, senior vice-president of Hiscox. "Our research shows that corporate America appears to still be far more concerned with identifying the conventional risks such as fire and flood to their business and has not yet fully accepted the extensive financial and reputational damage that a data breach and loss of confidential information can cause."

"As cyber criminals become more adept at circumventing security technology and security breaches grow in scope and scale, it is key that US companies recognize the risk and do everything practical to protect sensitive company and customer information."

Additionally, in a snapshot survey of 60 companies, the report examined whether they had implemented end-to-end encryption.

"While there remains no single technology solution to data breaches, we believe it is evident that a defense-in-depth approach to security must extend beyond firewalls and intrusion detection to the next layer - encryption of this information, both while in transit and at rest," the report concluded.

This study found that just seven percent of companies surveyed had encrypted all of their data, despite nearly half having suffered some form of data breach.

"Data breaches are becoming more frequent, sophisticated and financially damaging to US companies," added Mr. Whetstone. "These findings emphasise the need for better collaboration between risk management, IT and legal departments to properly assess this exposure and how it is addressed."

The full report and methodology of the Hiscox data privacy report can be found on the Hiscox website at www.hiscox.com