Cyber rises to 2nd biggest global risk

Cyber threat continues its upward trend globally, ranking 2nd in the Allianz Risk Barometer in 2018 compared to the 15th place five years ago.

Multiple threats such as data breaches, network liability, hacker attacks or cyber business interruption (BI), ensure it is the top business risk in 11 surveyed countries and the Americas region and 2nd in Europe and Asia Pacific, according to an Allianz Jan. 16 press release. It also ranks as the most underestimated risk and the major long-term peril.

Recent events such as the WannaCry and Petya ransomware attacks brought significant financial losses to a large number of businesses. Others, such as the Mirai botnet, the largest-ever distributed denial of service (DDoS) attack on major internet platforms and services in Europe and North America, at the end of 2016, demonstrate the interconnectedness of risks and shared reliance on common internet infrastructure and service providers. On an individual level, recently identified security flaws in computer chips in nearly every modern device reveal the cyber vulnerability of modern societies. The potential for so-called “cyber hurricane” events to occur, will continue to grow in 2018, according to Allianz.

The Allianz Risk Barometer results show that awareness of the cyber threat is soaring among small- and medium-sized businesses, with a significant jump from rank 6 to rank 2 for small companies and from position 3 to position 1 for medium-sized companies. With regard to sector exposure, cyber incidents rank top in the entertainment & media, financial services, technology and telecommunications industries.

Business interruption (BI) remains the most important risk for the sixth year in a row (# 1 with 42% of responses / # 1 in 2017), ranking top in 13 countries and the Europe, Asia Pacific, and Africa & Middle East regions. No business is too small to be impacted. Companies face an increasing number of scenarios, ranging from traditional exposures, such as fire, natural disasters and supply chain disruption, to new triggers stemming from digitalization and interconnectedness that typically come without physical damage, but with high financial loss. Breakdown of core IT systems, terrorism or political violence events, product quality incidents or an unexpected regulatory change can bring businesses to a temporary or prolonged standstill with a devastating effect on revenues, the press release says.

For the first time, cyber incidents also rank as the most feared BI trigger, according to businesses and risk experts, with BI also considered the largest loss driver after a cyber incident. Cyber risk modeller Cyence, which partners with AGCS and is now part of Guidewire Software, estimates that the average cost impact of a cloud outage lasting more than 12 hours for companies in the financial, healthcare and retail sectors could total $850 million in North America and $700 million in Europe.

BI also ranks as the second most underestimated risk in the Allianz Risk Barometer. “Businesses can be surprised about the actual cause, scope and financial impact of a disruption and underestimate the complexity of ‘getting back to business’. They should continuously fine tune their emergency and business continuity plans to reflect the new BI environment and adequately consider the rising cyber BI threat,” said Volker Muench, global property and BI expert, AGCS.

Chris Fischer Hirs, CEO of AGCS, added: “For the first time, business interruption and cyber risk are neck-and-neck in the Allianz Risk Barometer and these risks are increasingly interlinked.”

“Whether resulting from attacks such as WannaCry, or more frequently, system failures, cyber incidents are now a major cause of business interruption for today’s networked companies whose primary assets are often data, service platforms or their groups of customers and suppliers. However, last year’s severe natural disasters remind us that the impact of perennial perils shouldn’t be underestimated either. Risk managers face a highly complex and volatile environment of both traditional business risks and new technology challenges in future.”