Data loss and cyber-attacks have been identified as two of the top three risks to directors and officers, according to the latest Cyber Directors’ and Officers’ Survey Report by Willis.
The survey gathered responses from a range of sectors, including the services sector (24%) and finance and insurance (19%), with more than half representing for-profit, private companies. Among those surveyed, Great Britain was the only region to identify cyber-attacks (excluding cyber extortion) as the top risk. In contrast, respondents from North America and the Middle East ranked data loss as their primary concern.
Despite growing awareness of cyber-attacks and recent high-profile incidents, the risk ranking for cyber-attacks reduced by 2% between 2024 and 2025. The remainder of the survey explores potential reasons behind this change.
According to Willis the key points of the report are as follows:
• Frequency of cybersecurity updates: The survey found that the frequency of updates to boards on cyber security shifted. Last year, the survey illustrated that 20% of respondents only updated their board in response to an incident, which has decreased to 12% in 2025. The number of…
