The new year is seeing a substantial shift in the risk landscapefor businesses.

Businesses are becoming less concerned about the impact oftraditional industrial risks, such as natural catastrophes or fire,and are becoming more worried about the impact of other disruptiveevents, fierce competition in their markets and cyberincidents.

A recent survey of over 800 risk managers and insurance expertsfrom more than 40 countries revealed that business and supply chaininterruption (BI) remains the top risk for businesses globally, forthe fourth consecutive year.

The survey, "Allianz Risk Barometer 2016," is the fifthannual survey on corporate risks released by Allianz GlobalCorporate & Specialty.

According to the survey, many companies are concerned that BIlosses, which usually result from property damage, willincreasingly be driven by cyber attacks, technical failure orgeopolitical instability as new “non-physical damage” causes ofdisruption.

The survey cited cyber incidents as the most important long-termrisk for companies in the next 10 years. Also in the top threeglobal business risks are market developments, which consist ofmarket volatility, intensified competition and market stagnation.In contrast, natural catastrophes dropped two positions to fourth,year over year, reflecting the fact that in 2015 losses fromnatural disasters reached their lowest level since 2009.

In the United States, 39% of respondents cited BI as the topbusiness risk, followed by natural catastrophes (33%) and cyber(32%).

“Business interruption continues to be the primary concern ofrisk managers and how well a company responds will determine howwell it survives to compete,“ said Hugh Burgess, Allianz's globalhead of mid-corporate and head of corporate lines, NorthAmerica. “As global supply chains continue to grow andincrease in complexity, the threat of BI continues to incubate innumerous and increasing areas, which in turn, continues to weigh onthe minds of risk managers today.”

The Cyber insurance market in Europe is still in itsinfancy, but is expected to grow quickly as the European Unionmoves to adopt data protection regulations this year. (Photo:iStock)

Rising sophistication of cyber attacks

The survey revealed that businesses globally are growing moreconcerned about the threat of cyber incidents, which include cybercrime, data breaches and technical IT failures.

The threat of cyber incidents increased by 11%, year over year,moving from fifth position into the top three risks (28% of globalresponses). Five years ago, only 1% of the inaugural "Allianz RiskBarometer" respondents cited cyber incidents as a risk. Now,69% cited loss of reputation as the main cause of economic loss forbusinesses after a cyber incident, followed by BI (60%) andliability claims after a data breach (52%).

Almost 50% of respondents said that a lack of understanding ofthe complexity of the risks involved is the main factor preventingcompanies from being better prepared to combat cyber threats,followed by inconcrete assessment of the cost of the risks involved(46%).

Related: Here come the accountants — the codification ofcyber risk

“Attacks by hackers are becoming more target-oriented, lastingfor longer and can trigger a continuous penetration,” said JensKrickhahn, practice leader for cyber and fidelity at AGCS FinancialLines Central and Eastern Europe.

“Studies show that it takes, on average, 90 days for businessesto discover they have been hacked," he said. "Often the incident isidentified, not by the business itself, but by the customer oranother stakeholder, which is another reason why risks pose a hugethreat to a company’s reputation.”

Krickhahn added that prevention is a key element in IT security,therefore it is important for companies to include cyber riskmanagement strategy.

“The fact that companies often only recognize the loss when anattack has already happened means all they can do is try andprevent further damage,” he said.

The report said that although the Cyber insurance market, stillin its infancy in Europe, is developing quickly, the U.S. markethas already reached maturity and has experienced substantiallosses.

“The U.S. is unique in that we have already paid losses in thehundreds of millions to cover cyber loss. Breaches happeneverywhere, but the U.S. has complex regulatory regimes and anextremely active plaintiff's bar. These dynamics have driven theprice of loss higher in the U.S. than anywhere else,” saidAllianz’s Emy Donavan, national practice leader forcyber. “Boards and C-suites in the U.S. are acutely aware ofthe individual risk they may have if a cyber-event occurs on theirwatch. Litigation trends and case law are developing soquickly that potential liability associated with clients’ normaloperations can change literally overnight.”

Related: Are you prepared for these claims, tech and riskmanagement trends?

An analysis from an AGCS report, “A Guide to Cyber Risk:Managing The Impact of IncreasingInterconnectivity,” estimated cyber crime to cost the globaleconomy approximately $445 billion a year, with the world’s largesteconomies accounting for around half of this. The threat posed bysuch incidents is expected to increase further during 2016.

The report said that data protection rules around the world arebecoming tougher as governments bolster cyber security, which has asignificant impact for businesses, as penalties for failing to takeprecautionary measures can be severe.

The U.S. already has strict laws that require companies tonotify individuals of a breach. The European Union is moving aheadwith plans to harmonize its regime, with data protectionregulations expected in 2018. A current version proposes fines ofup to 4% of a company’s global turnover for breaching the rules— which could run to billions of dollars.

These developments are also expected to drive growth in theCyber insurance market, as companies seek to protect against theincreasing costs associated with responding to a breach.

Related: Cyber insurance 2015: Inside a robust and rapidlychanging market

The report suggested that all organizations consider their cyberexposures and prepare for a potential incident:

• Businesses should identify key assets at risks and potentialweaknesses — such as human error or overreliance on thirdparty service providers.
• Different stakeholders from the business must share knowledge.Insurance can mitigate the impact of many cyber risks but after asecurity incident or loss of data an immediate response is requiredto manage the incident successfully.
• Companies need a crisis or breach response plan, which shouldbe regularly reviewed and tested.

Related: How to develop a cyber strategy

Have you Liked us on Facebook?