Cyber incidents top the Australian risk landscape in 2018

| January 24, 2018

Cyber incidents are seen as the most pressing risk for Australian businesses of all sizes and sectors this year with companies increasingly concerned about changing regulation and high profile attacks, according to this year’s Allianz Risk Barometer.

The insurers’ report is based on the insight of a record 1,911 risk experts from 80 countries and its findings for Australia reveal that cyber incidents top the risk list for the first time with almost half of responders expressing concern, up from under a third in 2017.

The cyber risk usurped concerns around business interruption, which dropped to second place this year with 46% of responses received.

AGCS Australia Chief Executive Willem Van Wyk says the change in risks was probably caused by the new mandatory data notification laws that come in to effect in Australia on 22 February.

“Cyber risk is a 24/7 threat that continues to dominate board discussions both here in Australia and around the world as companies grapple with this fast-evolving risk,” Van Wyk said in launching the new report.

The risk posed by new technologies was also a big mover in Australia’s risk list this year. It jumped from seventh place in 2017 to equal third, alongside changes in legislation and regulation, with 28% of responses.

“Australia’s top risks paint an interesting picture of the local business landscape, with companies clearly concerned about how new technologies will either help or hinder their operations, and what the regulatory environment will do in response,” Van Wyk noted.

The top 10 risks in Australia are:

  1. Cyber incidents such as cyber crime, IT failure and data breaches with 49% of responses, up from 31% in 2017.
  2. Business interruption, including supply chain disruption, at 46%, down from 51% last year.
  3. Changes in legislation and regulation, including electoral shifts, economic sanctions, protectionism and trading changes such as Brexit, at 28%, 5% higher than 2017.
  4. New technologies, including the impact of increasing connectivity, nanotechnology, artificial intelligence, 3D printing and drones, at 28%, up from 18% last year
  5. Loss of reputation or brand value, at 26% compared to 18% in 2017
  6. Natural catastrophes such as storms, fires and floods at 26%, up from 21% last year.
  7. Market developments such as stagnation or volatility, intensified competition, new entrants and mergers and acquisitions at 21%, down from 44% 12 months ago.
  8. Quality deficiencies such as serial defects and product recalls at 13%.
  9. Climate change and increasing weather volatility at 10%
  10. Talent shortage at 10%.

Global Business Risks

In global terms, business interruption (# 1 with 42% of responses / # 1 in 2017) and cyber incidents (# 2 with 40% of responses, up from # 3 in 2017) are this year’s top business risks.

Larger losses from natural catastrophes (# 3 with 30% of responses, up from # 4 in 2017) are also a rising concern for companies around the world after 2017 broke records for fires and other catastrophes.  These disasters also ensured that climate change and increasing weather volatility appear in the top 10 most important risks for the first time.

Mark Mitchell, the CEO of AGCS in Asia, noted that 2017 was the costliest ever year in terms of natural disasters.  Despite most of the problems occurring in North America and Mexico, they still affect Asia as half the claims, in terms of value, were made by subsidiaries of multi-national firms based outside the disaster zones.

This phenomenon underlines the need for companies to adopt a global approach to risk exposures and insurance coverage and, as manufacturing shifts east, Asia is increasingly exposed to such disasters, wherever they happen around the world.

The risk impact of new technologies (# 7 2018 / # 10 2017) is one of the biggest climbers, as companies recognize innovations such as artificial intelligence or autonomous mobility could create new liabilities and larger-scale losses, as well as opportunities, in the future. Conversely, businesses are less worried about Market developments (# 4 2018 / # 2 2017) than 12 months ago.

Cyber risks continue to evolve

The risk posed by cyber incidents continues its upward trend in the Allianz Risk Barometer. Five years ago it ranked # 15 around the world, in 2018 it is # 2 and the # 1 threat in this country.

Multiple threats such as data breaches, network liability, hacker attacks and cyber business intelligence, ensure it is the top business risk in 11 surveyed countries in the Americas and # 2 in Europe and the Asia Pacific. It also ranks as the most underestimated risk and the major long-term peril.

Recent events such as the WannaCry and Petya ransomware attacks brought significant financial losses to a large number of businesses. Others, such as the Mirai botnet, the largest-ever distributed denial of service attack on major internet platforms and services in Europe and North America, at the end of 2016, demonstrate the interconnectedness of risks and shared reliance on common internet infrastructure and service providers.

On an individual level, recently identified security flaws in ITEL and other computer chips in nearly every modern device reveal the cyber vulnerability of modern societies. The potential for so-called “cyber hurricane” events to occur, where hackers disrupt larger numbers of companies by targeting common infrastructure dependencies, will continue to grow in 2018.

SME Business Risks
The report argues that awareness of the cyber threat is soaring among small- and medium-sized businesses as the potential impact from data breaches and phishing attacks hits home. However fighting back against the cyber-criminals poses a different set of challenges for SMEs compared with larger companies.
Small- to medium-sized business experts now account for almost half (47%) of the responses to the Risk Barometer survey.  For medium-sized companies with annual revenues between €250m and €500m around the world, cyber incidents rank as the top risk for the first time (39% of responses), while for smaller companies with annual revenues under €250m it ranks as the 2nd major business risk at 30% of responses.
“The jump that cyber incidents have taken in the past year – from 3rd to 1st for medium-sized companies and from 6th to 2nd for small-sized companies – is significant and reflects an uptick in the attention paid to data breaches both by SME companies and their insurance brokers,” bited Vinko Markovina, the Global Head of MidCorp at AGCS.
“Awareness is growing, as the Risk Barometer results show, but many SMEs still underestimate their exposure and are not prepared for, or are able to respond to, an incident. This can be a fatal mistake.”
As increasing numbers of cyber incidents occur and are reported, more evidence of its financial impact is becoming available to SMEs around the globe, proving the impact can be catastrophic. Kaspersky research found the average cost of a data breach in North America to be $117,000 for SMEs in North America, while other studies show that hackers have breached over 50% of small businesses, with these numbers increasing year on year.
SMEs can be vulnerable as many lack sufficient revenue to afford their own IT departments and so lack access to the knowledge and resources required to protect themselves against evolving threats. They can be particularly susceptible to phishing attacks via email or fraudulent activity happening in their e-commerce storefronts.
Employing a Chief Information Security Officer (CISO) who can implement a comprehensive information security management system is considered a must by larger firms to combat the cyber threat but this can be costly and time-consuming and is often beyond the financial reach of many SMEs.
Effective solutions are possible however, AGCS has partnered with Silicon-Valley based software company Zeguro to implement a “virtual CISO” platform as part of its insurance coverage, for example, allowing SMEs to access tailored security recommendations and training for employees, helping to reduce the overall risk of financial loss following an incident.
“Cyber insurance used to be a confusing and relatively expensive cover for SME-sized businesses. However, as coverage has become more available, affordable and easier to understand, we are seeing more demand,” says Markovina in the Risk Barometer report. “Activity around cyber will only accelerate in the SME space through 2018.”
SHARE WITH: