Business interruption and cyber incidents dominate risk landscape for companies in 2018
Businesses worry about emerging risks and liabilities arising from new technologies. They take aim at the backbone of the connected economy and, when they strike, can jeopardise the success, or even the existence, of companies of every size and sector, according to the Allianz Risk Barometer 2018. Business interruption (ranked top, with 42 per cent of responses / Number one in 2017) and cyber incidents (Number two, with 40 per cent of responses, up from Number three in 2017) are this year’s top business risks globally.
Larger losses from natural catastrophes (Number three, up from Number four in 2017) are also a rising concern for businesses, with the record-breaking 2017 disaster year also ensuring climate change and increasing volatility of weather (Number ten) appears in the top 10 most important risks for the first time. Meanwhile, the risk impact of new technologies is one of the biggest climbers, as companies recognise innovations, such as artificial intelligence or autonomous mobility, could create new liabilities and larger-scale losses, as well as opportunities, in the future. Conversely, businesses are less worried about market developments than 12 months ago.
These are the key findings of the seventh Allianz Risk Barometer, which is published annually by Allianz Global Corporate & Specialty (AGCS). The 2018 report is based on the insight of a record 1,911 risk experts from 80 countries.
“For the first time, business interruption and cyber risk are neck-and-neck in the Allianz Risk Barometer and these risks are increasingly interlinked,” says Chris Fischer Hirs, Chief Executive Officer, AGCS. “Whether resulting from attacks such as WannaCry, or more frequently, system failures, cyber incidents are now a major cause of business interruption for today’s networked companies whose primary assets are often data, service platforms or their groups of customers and suppliers. However, last year’s severe natural disasters remind us that the impact of perennial perils shouldn’t be underestimated either. Risk managers face a highly complex and volatile environment of both traditional business risks and new technology challenges in future.”
New business interruption triggers emerging
Business interruption (BI) is the most important risk for the sixth year in a row, ranking top in 13 countries and the Europe, Asia Pacific, and Africa & Middle East regions. No business is too small to be affected and companies face an increasing number of scenarios, ranging from traditional exposures, such as fire, natural disasters and supply chain disruption, to new triggers stemming from digitalization and interconnectedness that typically come without physical damage, but with high financial loss. Breakdown of core IT systems, terrorism or political violence events, product quality incidents or an unexpected regulatory change can bring businesses to a temporary or prolonged standstill with a devastating effect on revenues.
For the first time, cyber incidents also rank as the most feared BI trigger, according to businesses and risk experts, with BI also considered the largest loss driver after a cyber incident. Cyber risk modeller Cyence, which partners with AGCS and is now part of Guidewire Software, estimates that the average cost impact of a cloud outage lasting more than 12 hours for companies in the financial, healthcare and retail sectors could total $850 million in North America and $700 million in Europe.
BI also ranks as the second most underestimated risk in the Allianz Risk Barometer. “Businesses can be surprised about the actual cause, scope and financial impact of a disruption and underestimate the complexity of ‘getting back to business’. They should continuously fine tune their emergency and business continuity plans to reflect the new BI environment and adequately consider the rising cyber BI threat,” says Volker Muench, Global Property and BI expert, AGCS.
Cyber risks continue to evolve
Cyber incidents continue an upward trend in the Allianz Risk Barometer. Five years ago it ranked at Number 15, this year it is Number two. It also ranks as the most underestimated risk and the major long-term peril.
Recent events such as the WannaCry and Petya ransomware attacks brought significant financial losses to a large number of businesses. Others, such as the Mirai botnet, the largest-ever distributed denial of service (DDoS) attack on major internet platforms and services in Europe and North America, at the end of 2016, demonstrate the interconnectedness of risks and shared reliance on common internet infrastructure and service providers. On an individual level, recently identified security flaws in computer chips in nearly every modern device reveal the cyber vulnerability of modern societies. The potential for so-called cyber hurricane events to occur, where hackers disrupt larger numbers of companies by targeting common infrastructure dependencies, will continue to grow in 2018.
Weather and technology risk on the rise
After a record-breaking $135 billion in insured losses from natural catastrophes alone in 2017 – the highest ever – driven by hurricanes Harvey, Irma and Maria in the United States and the Caribbean, natural catastrophes returns to the top three business risks globally. “The impact of natural catastrophes goes far beyond the physical damage to structures in the affected areas. As industries become leaner and more connected, natural catastrophes can disrupt a large variety of sectors that might not seem directly affected at first glance around the world,” says Ali Shahkarami, Head of Catastrophe Risk Research, AGCS.
Respondents fear that 2017 could be a harbinger of increasing intensity and frequency of natural hazards. Climate change/increasing weather volatility is a new entrant in the Risk Barometer top 10 in 2018 and the loss potential for businesses is further exacerbated by rapid urbanisation in coastal areas.
Meanwhile, the risk impact of new technologies is one of the big movers in the Allianz Risk Barometer, up to Number seven. It also ranks as the second top risk for the long-term future after cyber incidents, with which it is closely interlinked. Vulnerability of automated or even autonomous or self-learning machines to failure or malicious cyber acts, such as extortion or espionage, will increase in future and could have a significant impact if critical infrastructure, such as IT networks or power supply, are involved.
“Although there may be fewer smaller losses due to automation and monitoring minimising the human error factor, this may be replaced by the potential for large-scale losses, once an incident happens,” explains Michael Bruch, Head of Emerging Trends, AGCS. “Businesses also have to prepare for new risks and liabilities as responsibilities shift from human to machine, and therefore to the manufacturer or software supplier. Assignment and coverage of liability will become much more challenging in future.”
Download the report here