Allianz Risk Barometer 2020: Cyber top peril for Asia-Pacific companies for the first time
Media OutReach – 14 January 2020 – For the first time ever, Cyber incidents (35% of responses) ranks as the most important business risk in Asia-Pacific in the ninth Allianz Risk Barometer 2020, relegating perennial top peril Business interruption (BI) (34% of responses) to second place. The region’s results mirror a global trend that has seen awareness of the cyber threat growing rapidly in recent years, driven by companies increasing reliance on data and IT systems and a number of high-profile incidents. It is a stark change from seven years ago when it did not even feature in the top 10 risks on the mind of risk managers regionally.
Climate change (#3 with 25%) and Political risks and violence (debuting in the top 10 at #10 with 9%) are the biggest climbers regionally, underlining global warming and the business interruption that accompanies civil unrest as increasing concerns for companies and nations. The annual survey on global business risks from Allianz Global Corporate & Specialty (AGCS) incorporates the views of a record 2,718 experts in over 100 countries including CEOs, risk managers, brokers and insurance experts.
“For the first time, Cyber overtakes Business Interruption as the top risk for businesses in Asia Pacific. While 2019 saw no major global cyber-incidents in the vein of past events like WannaCry and NotPetya, businesses are increasingly cognizant of the costs associated with being a victim of a cyber-attack, with IBM estimating the average cost of a data breach being slightly under US$4m,” says Mark Mitchell, Regional CEO, Asia Pacific of AGCS.
He added: “Rounding up the top 3 risks in the region is Climate Change. In a year which saw Greta Thunberg address the United Nations, Climate Change was a big riser, having only ranked 8th in the previous edition, reflecting the increased scrutiny and pressure that businesses are under to operate in a sustainable manner.”
Cyber risks continue to evolve
In addition to being the top risk regionally and globally, Cyber incidents is among the top three risks in 80% of the countries surveyed in Asia Pacific, with India and South Korea ranking it as the top business risk. Businesses face the challenge of larger and more expensive data breaches, an increase in ransomware and spoofing incidents, as well as the prospect of privacy-driven fines or litigation after any event. A mega data breach – involving more than one million compromised records – now costs on average $42mn, up 8% year-on-year.
“Incidents are becoming more damaging, increasingly targeting large companies with sophisticated attacks and hefty extortion demands. Five years ago, a typical ransomware demand would have been in the tens of thousands of dollars. Now they can be in the millions,” says Marek Stanislawski, Deputy Global Head of Cyber, AGCS.
Extortion demands are just one part of the picture: Companies can suffer major BI losses due to the unavailability of critical data, systems or technology, either through a technical glitch or cyber-attack. “Many incidents are the results of human error and can be mitigated by staff awareness trainings which are not yet a routine practice across companies,” says Stanislawski.
Business interruption — an undiminished threat with new causes
After seven years at the top, BI drops to the second position in the Allianz Risk Barometer. However, the trend for larger and more complex BI losses continues unabated. Causes are becoming ever more diverse, ranging from fire, explosion or natural catastrophes to digital supply chains or even political violence. In Australia, the total damage and economic loss caused by wildfires from September 2019 and into 2020 is estimated to cost $110 billion.
Businesses are also increasingly exposed to the direct or indirect impact of riots, civil unrest or terrorism attacks. Escalating civil unrest in Hong Kong has resulted in property damage, BI and general loss of income for both local and multinational companies as shops closed for months, customers and tourists stayed away or employees couldn’t access their workplace due to safety concerns. The consequence is a business interruption without physical losses but high financial ones.
Climate change brings added risk complexity
Climate change is a huge riser regionally, jumping to third from eighth last year, driven by risk management experts in countries and territories such as Australia, Hong Kong, India and Indonesia. Ongoing wildfires engulfing Australia, as well as severe floods in Jakarta have certainly hammered home the consequences of increasingly volatile weather for businesses.
An increase in physical losses is the exposure businesses fear most (49% of responses) as rising seas, drier droughts, fiercer storms and massive flooding pose threats to factories and other corporate assets, as well as transport and energy links that tie supply chains together. Further, business are concerned about operational impacts (37%), such as relocation of facilities, and potential market and regulatory impacts (35% and 33%). Companies may have to prepare for more litigation in future — climate change cases targeting ‘carbon majors’ have already been brought in 30 countries around the world, with most cases filed in the US.
“There is a growing awareness among companies that the negative effects of global warming above two degrees Celsius will have a dramatic impact on bottom line results, business operations and reputation,” says Chris Bonnet, Head of ESG Business Services at AGCS. “Failure to take action will trigger regulatory action and influence decisions from customers, shareholders and business partners. Therefore, every company has to define its role, stance and pace for its climate change transition — and risk managers need to play a key role in this process alongside other functions.”
Global results largely mirror the region’s, with Climate change (#7 with 17%) also moving up the rankings vis-à-vis the previous year, though not as drastically as Asia-Pacific, a reflection of how the effects of global warming have been more severely felt closer to home. Changes in legislation and regulation (#3 with 27%) rounds up the top 3 globally as businesses are increasingly concerned over the US-China trade war and Brexit.
“The Allianz Risk Barometer 2020 highlights that cyber risk and climate change are two significant challenges that companies need to watch closely in the new decade,” says Joachim Müller, CEO of AGCS. “Of course, there are many other damage and disruption scenarios to contend with but if corporate boards and risk managers fail to address cyber and climate change risks this will likely have a critical impact on their companies’ operational performance, financial results and reputation with key stakeholders. Preparing and planning for cyber and climate change risks is both a matter of competitive advantage and business resilience in the era of digitalization and global warming.”
More information on the findings of the Allianz Risk Barometer 2020 is available here:
 IBM Security, Ponemon, Cost Of A Data Breach Report 2019
About Allianz Global Corporate & Specialty
Our customers are as diverse as business can be, ranging from Fortune Global 500 companies to small businesses, and private individuals. Among them are not only the world’s largest consumer brands, tech companies and the global aviation and shipping industry, but also wineries, satellite operators or Hollywood film productions. They all look to AGCS for smart answers to their largest and most complex risks in a dynamic, multinational business environment and trust us to deliver an outstanding claims experience.
Worldwide, AGCS operates with its own teams in 33 countries and through the Allianz Group network and partners in over 200 countries and territories, employing over 4,400 people. As one of the largest Property-Casualty units of Allianz Group, we are backed by strong and stable financial ratings. In 2018, AGCS generated a total of €8.2 billion gross premium globally.
Cautionary Note Regarding Forward-Looking Statements
The statements contained herein may include statements of future expectations and other forward-looking statements that are based on management’s current views and assumptions and involve known and unknown risks and uncertainties that could cause actual results, performance or events to differ materially from those expressed or implied in such statements. In addition to statements which are forward-looking by reason of context, the words “may”, “will”, “should”, “expects”, “plans”, “intends”, “anticipates”, “believes”, “estimates”, “predicts”, “potential”, or “continue” and similar expressions identify forward-looking statements.
Actual results, performance or events may differ materially from those in such statements due to, without limitation, (i) general economic conditions, including in particular economic conditions in the Allianz Group’s core business and core markets, (ii) performance of financial markets, including emerging markets, and including market volatility, liquidity and credit events (iii) the frequency and severity of insured loss events, including from natural catastrophes and including the development of loss expenses, (iv) mortality and morbidity levels and trends, (v) persistency levels, (vi) the extent of credit defaults, (vii) interest rate levels, (viii) currency exchange rates including the Euro/U.S. Dollar exchange rate, (ix) changing levels of competition, (x) changes in laws and regulations, including monetary convergence and the European Monetary Union, (xi) changes in the policies of central banks and/or foreign governments, (xii) the impact of acquisitions, including related integration issues, (xiii) reorganization measures, and (xiv) general competitive factors, in each case on a local, regional, national and/or global basis. Many of these factors may be more likely to occur, or more pronounced, as a result of terrorist activities and their consequences.
The matters discussed herein may also be affected by risks and uncertainties described from time to time in Allianz SE’s filings with the U.S. Securities and Exchange Commission. The company assumes no obligation to update any forward-looking statement.