Allianz Risk Barometer 2020 – cyber incidents ranks as the most important business risk globally, for the first time

. 9^th annual survey on top business risks attracts record participation of 2,700+ experts from over 100 countries

. Cyber incidents have become more damaging and expensive for companies – and often result in lawsuits and litigation after the event

. Business interruption ranks second, but remains a key challenge with digitalization and civil unrest creating new causes of disruption and loss of income

For the first time ever, Cyber incidents (39% of responses) ranks as the most important business risk globally in the ninth Allianz Risk Barometer 2020, relegating perennial top peril Business interruption (BI) (37% of responses) to second place. Awareness of the cyber threat has grown rapidly in recent years, driven by companies increasing reliance on data and IT systems and a number of high-profile incidents. Seven years ago it ranked only 15th with just 6% of responses.

Changes in legislation and regulation (#3 with 27%) and Climate change (#7 with 17%) are the biggest climbers globally underlining the US-China trade war, Brexit and global warming as increasing concerns for companies and nations.

The annual survey on global business risks from Allianz Global Corporate & Specialty (AGCS) incorporates the views of a record 2,718 experts in over 100 countries including CEOs, risk managers, brokers and insurance experts.

“The Allianz Risk Barometer 2020 highlights that cyber risk and climate change are two significant challenges that companies need to watch closely in the new decade,” says Joachim Müller, CEO of AGCS. 

“Of course, there are many other damage and disruption scenarios to contend with but if corporate boards and risk managers fail to address cyber and climate change risks this will likely have a critical impact on their companies’ operational performance, financial results and reputation with key stakeholders. Preparing and planning for cyber and climate change risks is both a matter of competitive advantage and business resilience in the era of digitalization and global warming.”

Cyber risks continue to evolve

In addition to being the top risk globally, Cyber incidents is among the top three risks in many of the countries surveyed; in Austria, Belgium, France, India, South Africa, South Korea, Spain, Sweden, Switzerland, the UK and the US it also ranks as the top business risk. Businesses face the challenge of larger and more expensive data breaches, an increase in ransomware and spoofing incidents, as well as the prospect of privacy-driven fines or litigation after any event. A mega data breach – involving more than one million compromised records – now costs on average $42mn [1], up 8% year-on-year. 

“Incidents are becoming more damaging, increasingly targeting large companies with sophisticated attacks and hefty extortion demands. Five years ago, a typical ransomware demand would have been in the tens of thousands of dollars. Now they can be in the millions,” says Marek Stanislawski, Deputy Global Head of Cyber, AGCS.

Extortion demands are just one part of the picture: Companies can suffer major BI losses due to the unavailability of critical data, systems or technology, either through a technical glitch or cyber-attack. 

“Many incidents are the results of human error and can be mitigated by staff awareness trainings which are not yet a routine practice across companies,” says Stanislawski.

Business interruption – an undiminished threat with new causes

After seven years at the top, BI drops to the second position in the Allianz Risk Barometer. However, the trend for larger and more complex BI losses continues unabated. Causes are becoming ever more diverse, ranging from fire, explosion or natural catastrophes to digital supply chains or even political violence. “Digital supply chains and platforms today allow for full transparency and traceability of goods but a fire at a data center, a technical glitch or a hack could bring large BI losses for multiple companies that all rely and share the same system and which cannot switch back to manual processes,” says Raymond Hogendoorn, Global Head of Property and Engineering Claims at AGCS.

Businesses are also increasingly exposed to the direct or indirect impact of riots, civil unrest or terrorism attacks. The past year has seen civil unrest escalate in Hong Kong, Chile, Bolivia, Colombia and France, resulting in property damage, BI and general loss of income for both local and multinational companies as shops closed for months, customers and tourists stayed away or employees couldn’t access their workplace due to safety concerns. 

[1] IBM Security, Ponemon, Cost Of A Data Breach Report 2019