Cyber threats to keep businesses awake at night
Like natural disasters, a cyber attack can potentially impact hundreds of companies and incidents have escalated. Cyber incidents (#1 with 60% of responses) are this year’s top business risk in the UK, according to the Allianz Risk Barometer 2018. So-called 'cyber hurricane' events, where hackers disrupt large numbers of companies through common internet infrastructure dependencies, are increasing.
“Every company has been, or will be impacted by cyber risk. Far from being over-hyped, the threat is under-appreciated and not always well understood,” according to AGCS UK CEO, Brian Kirwan.
“With an increase in the demand for our cyber risk products and in the volume of claims, it’s no surprise to see cyber as the top risk again for businesses in the UK. Meanwhile, the challenging macro-economic environment, uncertainty around Brexit, new barriers to trade, growing economic and financial balkanization and threat of terrorism will continue to drive up volatility. We need to adapt to the evolving landscape to help our clients understand, manage and protect against these complex risks in 2018.”
The introduction of the General Data Protection Regulation (GDPR) across Europe in May 2018 will intensify cyber risk scrutiny further, bringing the prospect of more, and larger, fines for businesses who do not comply. Time is running out to be GDPR-ready.
“Compared to the US where privacy laws have been strict for decades and cyber security and privacy regulation is continuously evolving, firms in Europe now also have to prepare for tougher liabilities and notification requirements. Many businesses will quickly realise that privacy issues can create hard costs once the GDPR is fully implemented,” said AGCS’s Global Head of Cyber, Emy Donavan.
“Past experience has shown that a company’s response to a cyber crisis, such as a breach, has a direct impact on the cost, as well as on a company’s reputation and market value. This will become even more the case under the GDPR.”
Changes in legislation and regulation, including: Brexit, a change in government, protectionism and the threat of Euro-Zone disintegration is a growing concern for UK business (#2 with 38% of responses, up from #5 with 23% or responses in 2017).
Cyber risks continue to evolve globally
Cyber incidents continues its upward trend globally in the Allianz Risk Barometer. Five years ago it ranked #15. In 2018 it is #2. Multiple threats such as data breaches, network liability, hacker attacks or cyber BI, ensure it is the top business risk in 11 surveyed countries and the Americas region and #2 in Europe and Asia Pacific. It also ranks as the most underestimated risk and the major long-term peril.
Recent events such as the WannaCry and Petya ransomware attacks brought significant financial losses to a large number of businesses. Others, such as the Mirai botnet, the largest-ever Distributed Denial of Service (DDoS) attack on major internet platforms and services in Europe and North America, at the end of 2016, demonstrate the interconnectedness of risks and shared reliance on common internet infrastructure and service providers.
On an individual level, recently identified security flaws in computer chips in nearly every modern device reveal the cyber vulnerability of modern societies. The potential for so-called 'cyber hurricane' events to occur, will continue to grow in 2018.
Allianz Risk Barometer results show that awareness of the cyber threat is soaring among small- and medium-sized businesses, with a significant jump from #6 to #2 for small companies and from #3 to #1 for medium-sized companies. With regard to sector exposure, cyber incidents rank top in the Entertainment & Media, Financial Services, Technology and Telecommunications industries.
They take aim at the backbone of the connected economy and, when they strike, can jeopardise the success, or even the existence, of companies of every size and sector. Business interruption (#1 with 42% of responses / #1 in 2017) and Cyber incidents (# 2 with 40% of responses, up from #3 in 2017) are this year’s top business risks globally, according to the Allianz Risk Barometer 2018.
Larger losses from natural catastrophes (#3 with 30% of responses, up from #4 in 2017) are also a rising concern for businesses, with the record-breaking 2017 disaster year also ensuring Climate change and increasing volatility of weather (#10) appears in the top 10 most important risks for the first time.
Meanwhile, the risk impact of New technologies (#7 2018 / #10 2017) is one of the biggest climbers, as companies recognise innovations such as artificial intelligence or autonomous mobility could create new liabilities and larger-scale losses, as well as opportunities, in future. Conversely, businesses are less worried about Market developments (#4 2018 / #2 2017) than 12 months ago.
These are the key findings of the seventh Allianz Risk Barometer, which is published annually by Allianz Global Corporate & Specialty (AGCS).The 2018 report is based on the insight of a record 1,911 risk experts from 80 countries.
“For the first time, business interruption and cyber risk are neck-and-neck in the Allianz Risk Barometer and these risks are increasingly interlinked,” said Chris Fischer Hirs, Chief Executive Officer, AGCS.
“Whether resulting from attacks such as WannaCry, or more frequently, system failures, cyber incidents are now a major cause of business interruption for today’s networked companies whose primary assets are often data, service platforms or their groups of customers and suppliers. However, last year’s severe natural disasters remind us that the impact of perennial perils shouldn’t be underestimated either. Risk managers face a highly complex and volatile environment of both traditional business risks and new technology challenges in future.”
New business interruption triggers emerging
Business Interruption (BI) is the most important risk for the sixth year in a row, ranking top in 13 countries and the Europe, Asia Pacific, and Africa & Middle East regions. No business is too small to be impacted. Companies face an increasing number of scenarios, ranging from traditional exposures, such as fire, natural disasters and supply chain disruption, to new triggers stemming from digitalisation and interconnectedness that typically come without physical damage, but with high financial loss.
Breakdown of core IT systems, terrorism or political violence events, product quality incidents or an unexpected regulatory change can bring businesses to a temporary or prolonged standstill with a devastating effect on revenues.
For the first time, cyber incidents also rank as the most feared BI trigger, according to businesses and risk experts, with BI also considered the largest loss driver after a cyber incident. Cyber risk modeler Cyence, which partners with AGCS and is now part of Guidewire Software, estimates that the average cost impact of a cloud outage lasting more than 12 hours for companies in the financial, healthcare and retail sectors could total $850m in North America and $700m in Europe.
BI also ranks as the second most underestimated risk in the Allianz Risk Barometer. “Businesses can be surprised about the actual cause, scope and financial impact of a disruption and underestimate the complexity of ‘getting back to business’. They should continuously fine tune their emergency and business continuity plans to reflect the new BI environment and adequately consider the rising cyber BI threat,” said Volker Muench, Global Property and BI expert, AGCS.
Weather and technology risk on the rise
After a record-breaking $135bn in insured losses from natural catastrophes alone in 2017 - the highest ever - driven by hurricanes Harvey, Irma and Maria in the US and the Caribbean, Natural catastrophes returns to the top three business risks globally.
“The impact of natural catastrophes goes far beyond the physical damage to structures in the affected areas. As industries become leaner and more connected, natural catastrophes can disrupt a large variety of sectors that might not seem directly affected at first glance around the world,” said Ali Shahkarami, Head of Catastrophe Risk Research, AGCS.
Respondents fear 2017 could be a harbinger of increasing intensity and frequency of natural hazards. Climate change/increasing weather volatility is a new entrant in the Risk Barometer top 10 in 2018 and the loss potential for businesses is further exacerbated by rapid urbanisation in coastal areas.
The rising impact of new technologies
Meanwhile, the risk impact of New technologies is one of the big movers in the Allianz Risk Barometer, up to #7 from #10. It also ranks as the second top risk for the long-term future after cyber incidents, with which it is closely interlinked.
Vulnerability of automated or even autonomous or self-learning machines to failure or malicious cyber acts, such as extortion or espionage, will increase in future and could have a significant impact if critical infrastructure, such as IT networks or power supply, is involved.
“Although there may be fewer smaller losses due to automation and monitoring minimising the human error factor, this may be replaced by the potential for large-scale losses, once an incident happens,” explained Michael Bruch, Head of Emerging Trends, AGCS.
“Businesses also have to prepare for new risks and liabilities as responsibilities shift from human to machine, and therefore to the manufacturer or software supplier. Assignment and coverage of liability will become much more challenging in future.”