More than half of executives in Australia list cyber attack as their top worry as extortion and ransomware incidents grow, according to the latest Directors’ Liability Survey from Willis Towers Watson and law firm Clyde & Co.

Of Australasian respondents surveyed, 57% listed cyber attack as their number one concern, while 46% named data loss, 46% cyber extortion and 41% the risk of a health & safety/environmental prosecution.

Next came regulatory risk (32%), climate change (31%), economic crime (26%), becoming the focus of a social media campaign (22%), and return to work/covid safety and vaccination status (20%) – a higher ranking than in other regions which was attributed to Australian government responses to covid, including vaccine mandates and prolonged lockdowns, which meant local businesses have needed to pay particular attention to worker safety during the pandemic.

“The results speak to a market that appears comfortable managing traditional risks, such as employment claims, insolvency and regulatory risk, and more concerned with emerging, less well-understood risks such as cyber attacks, data loss and cyber extortion,” Clyde & Co Partner Lucinda Lyons said.

The emergence of cyber extortion as a perceived threat adds a further level of pressure on leaders to implement adequate cybersecurity controls and to react efficiently and effectively in the face of an attack, the report says.

“With a volatile business environment resulting from the pandemic and geopolitical pressures it is no surprise that cyber risks are high on the list of directors’ concerns,” WTW Head of Global Finex Jeremy Wall said.

The significance of shareholder action was lower in Australia than other regions despite Australia being one of the most litigious countries for securities class actions. Ms Lyons says this may reflect a belief that recent government reform of securities law and litigation funding will “have the desired effect,” and also that directors have faced the risk of securities actions in record numbers over the last ten years and have “adapted with robust risk management”.

“We hope this presents an example to directors and officers grappling with the emerging cyber and data loss risks,” she said. “These risks can be managed with appropriate risk mitigation once correctly understood.”

Globally, 65% of respondents ranked cyber-attack risk as very significant or extremely significant, while 63% said the same of data loss, 59% cyber extortion and 49% gave top ranking to regulatory risk.

While climate change still did not appear in the top five worry for any region surveyed, it was number six in Australasia, Britain and Asia.

“When looked at by industry grouping, climate change does make it into the top five for finance and insurance, as well as for energy and utilities,” WTW said.