Business interruption (# 1 with 42% of responses / # 1 in 2017) and Cyber incidents (# 2 with 40% of responses, up from # 3 in 2017) are this year’s top business risks globally, according to the Allianz Risk Barometer 2018. In India, the top two risks are ranked in reverse, with Cyber taking the top spot with a 7% lead over Business Interruption.
These are the key findings of the seventh Allianz Risk Barometer, which is published annually by Allianz Global Corporate & Specialty (AGCS).The 2018 report is based on the insights of a record 1,911 risk experts from 80 countries which includes 372 respondents from Asia.
They take aim at the backbone of the connected economy and, when they strike, can jeopardize the success, or even the existence, of companies of every size and sector.
“For the first time, business interruption and cyber risk are neck-and-neck globally in the Allianz Risk Barometer and these risks are increasingly interlinked,” says Chris Fischer Hirs, Chief Executive Officer, AGCS. “Whether resulting from attacks such as WannaCry, or more frequently, system failures, cyber incidents are now a major cause of business interruption for today’s networked companies whose primary assets are often data, service platforms or their groups of customers and suppliers. However, last year’s severe natural disasters remind us that the impact of perennial perils shouldn’t be underestimated either. Risk managers face a highly complex and volatile environment of both traditional business risks and new technology challenges in future.”
New business interruption triggers emerging
Business interruption (BI) is the most important risk globally for the sixth year in a row, ranking top in 13 countries and the Europe, Asia Pacific, and Africa & Middle East regions. No business is too small to be impacted. Companies face an increasing number of scenarios, ranging from traditional exposures, such as fire, natural disasters and supply chain disruption, to new triggers stemming from digitalization and interconnectedness that typically come without physical damage, but with high financial loss. Breakdown of core IT systems, terrorism or political violence events, product quality incidents or an unexpected regulatory change can bring businesses to a temporary or prolonged standstill with a devastating effect on revenues.
For the first time, cyber incidents also rank as the most feared BI trigger, according to businesses and risk experts, with BI also considered the largest loss driver after a cyber incident. Cyber-attacks caused businesses to lose revenues of approximately $81 billion in the Asia-Pacific region between September 2014 and September 2015.
BI also ranks as the second most underestimated risk in the Allianz Risk Barometer. “Businesses can be surprised about the actual cause, scope and financial impact of a disruption and underestimate the complexity of ‘getting back to business’. They should continuously fine tune their emergency and business continuity plans to reflect the new BI environment and adequately consider the rising cyber BI threat,” says Volker Muench, Global Property and BI expert, AGCS.
Cyber risks continue to evolve
Cyber incidents continues its upward trend in the Allianz Risk Barometer. Five years ago it ranked # 15. In 2018 it is # 2 globally. Multiple threats such as data breaches, network liability, hacker attacks or cyber BI, ensure it is the top business risk in 11 surveyed countries including India, Singapore and Indonesia. It also ranks as the most underestimated risk and the major long-term peril.
In India, the Reserve Bank of India revealed that from 2014-2017, banks across the country lost about US$37.87 million (Rs252 crore) to cyber crime or an average of $1388 (Rs88,553) an hour. Across Asia Pacific, businesses also saw their operations disrupted by recent events such as the WannaCry and Petya ransomware attacks, which brought significant financial losses to a large number of businesses in other parts of the world. On an individual level, recently identified security flaws in computer chips in nearly every modern device reveal the cyber vulnerability of modern societies. The potential for so-called “cyber hurricane” events to occur, where hackers disrupt larger numbers of companies by targeting common infrastructure dependencies, will continue to grow in 2018.
“The rise in cyber crime is not just an indication of vulnerable back-end systems but also a warning that businesses cannot underestimate the threat any longer. Experience has shown that a company’s response to a cyber crisis, such as a breach, has a direct impact on the cost, as well as on a company’s reputation and market value,” says AGCS’s Global Head of Cyber, Emy Donavan.
Cyber threats also vary according to company size or industry. “Small companies are likely to be crippled if hit with a ransomware attack, while larger firms are targets of a greater range of threats, such as the distributed denial of service (DDoS) attacks which can overwhelm systems,” says Donavan.
Allianz Risk Barometer results show that awareness of the cyber threat is soaring among small- and medium-sized businesses, with a significant jump from # 6 to # 2 for small companies and from # 3 to # 1 for medium-sized companies. With regard to sector exposure, cyber incidents rank top in the Entertainment & Media, Financial Services, Technology and Telecommunications industries.
Market Developments and Regulation rising concerns
Globally, businesses are less concerned about the risk of Market Developments, however in India the scenario is the reverse. With Foreign Direct Investment (FDI) in India increasingly steadily over the last three years and hitting an all-time high in 2016-2017 at $60.08 billion, companies in India are grappling with intensified competition and increased M&A activity. With record amounts of cash on balance sheets, another M&A wave is expected in 2018, as increasing share buybacks cast doubt on the ability to grow organically in the face of the digital revolution.
In addition to this, in light of the Government’s push towards market liberalization, businesses are also faced with increased regulatory reform, which places additional pressure on compliance costs and efficiency.
Weather and technology risk on the rise
After a record-breaking $135 billion in insured losses from natural catastrophes alone in 2017 – the highest ever – driven by hurricanes Harvey, Irma and Maria in the United States and the Caribbean, Natural catastrophes returns to the top three business risks globally and at fourth place in India. In Asia, Typhoon Hato wreaked havoc in Hong Kong, Macau and southern China and was the worst natural disaster Macau had encountered in more than 50 years.
In India, widespread floods continued to plague the country last year and are expected to be a perennial challenge. According to AGCS research, of the Top 10 global cities ranked by assets, most exposed to flooding in the next 50 years, two cities are from India (Mumbai & Calcutta). The remaining eight cities hail from US, China, Japan and Thailand.
“In terms of insured losses, 2017 was the costliest natural catastrophe year in five years. Despite most catastrophes taking place in North America and Mexico, they still impact Asia, as 50% of claims by value are from companies not based in these areas but from subsidiaries of multi-national companies located outside the disaster zones,” says Mark Mitchell, Chief Executive Officer, AGCS Asia. “This reflects the growing trend of globalization and the need for multinational companies to adopt a global approach to risk exposures and insurance coverage. As manufacturing shifts east, Asia is increasingly exposed to such disasters because of economic growth and concentration of suppliers. Manufacturing and outsourced services have migrated to China, India and other high-growth markets in South East Asia and so too have large claims.”
“The impact of natural catastrophes goes far beyond the physical damage to structures in the affected areas. As industries become leaner and more connected, natural catastrophes can disrupt a large variety of sectors that might not seem directly affected at first glance around the world,” adds Ali Shahkarami, Head of Catastrophe Risk Research, AGCS.