Business Interruption And Cyber Incidents Dominate 2018 Risk Landscape

New York, January 16, 2018: Allianz Global Corporate & Specialty (AGCS) announced today findings from its seventh annual Allianz Risk Barometer, based on insight from 1,911 risk experts from 80 countries.

Global Rankings

Business interruption (42%) and cyber incidents (40%) lead this year’s top business risks, globally. Larger losses from natural catastrophes (30%) are a rising concern for businesses, with the record-breaking 2017 disaster year. Climate change and increasing volatility of weather ranked in the top 10 business risks globally for the first time.

The risk impact of new technologies (15%) is one of the biggest climbers on the global list, as companies recognize innovations such as artificial intelligence or autonomous mobility could create new liabilities and larger-scale losses in the future.

U.S. Rankings

The risk from cyber incidents (45%) took the top spot on the U.S. rankings for the first time and includes cybercrime, data breaches and IT failure. Business interruption (39%), including impact on supply chains, ranked second followed closely by natural catastrophes (38%).

“For the first time, business interruption and cyber risk are neck-and-neck in the Allianz Risk Barometer and these risks are increasingly interlinked,” says Chris Fischer Hirs, Chief Executive Officer, AGCS. “Whether resulting from attacks such as WannaCry, or more frequently, system failures, cyber incidents are now a major cause of business interruption for today’s networked companies whose primary assets are often data, service platforms or their groups of customers and suppliers. However, last year’s severe natural disasters remind us that the impact of perennial perils shouldn’t be underestimated either. Risk managers face a highly complex and volatile environment of both traditional business risks and new technology challenges in future.”

New BI Triggers Emerging

Business interruption (BI) is the most important global risk for the sixth year in a row, with companies facing an increasing number of scenarios, ranging from traditional exposures, such as fire, natural disasters and supply chain disruption, to new triggers stemming from digitalization and interconnectedness that typically come without physical damage, but with high financial loss.

For the first time, cyber incidents also rank as the most feared BI trigger, according to businesses and risk experts, with BI also considered the largest loss driver after a cyber incident. Cyber risk modeler Cyence, which partners with AGCS and is now part of Guidewire Software, estimates that the average cost impact of a cloud outage lasting more than 12 hours for companies in the financial, healthcare and retail sectors could total $850 mn in North America and $700 mn in Europe.

Cyber Risks Evolving

Five years ago, cyber incidents ranked #15 in the Allianz Risk Barometer; this year it is #2 globally and #1 in the U.S. It also ranks as the most underestimated risk and the major long-term peril.

Recent events such as the WannaCry and Petya ransomware attacks brought significant financial losses to a large number of businesses. Others, such as the Mirai botnet, the largest-ever distributed denial of service (DDoS) attack on major internet platforms and services in Europe and North America, at the end of 2016, demonstrate the interconnectedness of risks and shared reliance on common internet infrastructure and service providers.

On an individual level, recently identified security flaws in computer chips in nearly every modern device reveal the cyber vulnerability of modern societies. The potential for so-called “cyber hurricane” events to occur, where hackers disrupt larger numbers of companies by targeting common infrastructure dependencies, will continue to grow in 2018.

Meanwhile, privacy risk is back in the spotlight following huge data breaches in the U.S. The introduction of the General Data Protection Regulation (GDPR) across Europe in May 2018 will intensify scrutiny further, bringing the prospect of more, and larger, fines for businesses who do not comply.

“Compared to the U.S. where privacy laws have been strict for decades and cyber security and privacy regulation is continuously evolving, firms in Europe now also have to prepare for tougher liabilities and notification requirements. Many businesses will quickly realize that privacy issues can create hard costs once the GDPR is fully implemented,” says AGCS’s Global Head of Cyber, Emy Donavan .

“Past experience has shown that a company’s response to a cyber crisis, such as a breach, has a direct impact on the cost, as well as on a company’s reputation and market value. This will become even more the case under the GDPR.”

Allianz Risk Barometer results show that awareness of the cyber threat is soaring among small- and medium-sized businesses, with a significant jump from # 6 to # 2 for small companies and from # 3 to # 1 for medium-sized companies. With regard to sector exposure, cyber incidents rank top in the Entertainment & Media, Financial Services, Technology and Telecommunications industries.

Weather and Technology Risks on the Rise

After a record-breaking $135 bn in insured losses from natural catastrophes alone in 2017[1] driven by hurricanes Harvey, Irma and Maria in the U.S. and the Caribbean, natural catastrophes returns to the top three business risks globally.

Respondents fear 2017 could be a harbinger of increasing intensity and frequency of natural hazards. Climate change/increasing weather volatility is a new entrant in the Risk Barometer top 10 in 2018 and the loss potential for businesses is further exacerbated by rapid urbanization in coastal areas.

Meanwhile, the risk impact of new technologies is one of the big movers in the Allianz Risk Barometer, up to # 7 from # 10. It also ranks as the second top risk for the long-term future after cyber incidents. Vulnerability of automated or even autonomous or self-learning machines to failure or malicious cyber acts, such as extortion or espionage, will increase in future and could have a significant impact if critical infrastructure, such as IT networks or power supply, is involved.

[1] Munich Re NatCatSERVICE