Businesses are exposed to an increasing number of disruptive scenarios stemming from today’s interconnected corporate environment.
Although traditional industrial perils, including natural catastrophes and fire, continue to head this year’s Allianz Risk Barometer rankings, businesses are also concerned about the increasing impact of a number of non-property damage risks – such as cyber and political risks which can impair both balance sheet and reputation, the risk barometer shows.
Collaboration and communication have a vital role to play in improving mitigation and risk management of these corporate risks.
The Allianz Risk Barometer is an annual survey that quizzes over 500 risk managers and corporate insurance experts from more than 40 countries.
In the 2015 barometer – and for the third year in succession – business interruption and supply chain risk ranks as the top peril with almost half (46 per cent) of the responses rating this as the most important risk for companies, up 3% year-on-year. Natural catastrophes (30%) and fire/explosion (27%) rank second and third and are also the major causes of business interruption companies fear most. Cyber (17%t) and political risks (11%) are the most significant movers in this year’s barometer. Yet although awareness increases – with accounts of cyber attacks seemingly in the headlines every day – cyber still ranks as the top peril underestimated by many companies, the risk barometer shows.
Political risk is also a much bigger concern for businesses. More and more countries are experiencing political situations which pose a huge challenge for companies’ people and assets. Country risk levels change more often and more frequently than they did in the past, which makes risk assessment more volatile and businesses more vulnerable.
Business interruption impact outweighs physical damage
Business interruption and supply chain risk ranks as the top peril in all three regions surveyed for the 2015 risk barometer: Europe, Middle East and Africa (EMEA), Americas and Asia Pacific. This topic will naturally concern communications professionals who are only too aware of the reputational damage arising from a major service disruption.
It is interesting to note that the impact of the subsequent disruption potentially affecting a company, its suppliers and customers often outweighs that of the physical damage. At $1.36 million, the average business interruption insurance claim is 32 per cent higher than the average direct property damage claim ($1.03 million), Allianz research shows. Such business interruption claims do not include the cost of reputational damage – a growing concern for risk managers. In recent years, insurers have responded with an increasingly sophisticated approach to reputational insurance, including for the impact of cyber attacks, yet best practice suggests that a combination of pre-loss risk management plus post-loss insurance coverage and loss mitigation remains essential.
“Cyber risks is the big mover in EMEA’s top 10.”
According to responses natural catastrophes (58 per cent), changes to the political environment (53 per cent) and the impact of globalisation, including increasingly specialised global suppliers, (41 per cent) are the main risks that can lead to supply chain disruption, with these also identified as the top trends that will increase the threat of business interruption in future. However, the increasing impact of digitalisation, including internet-based supply chain management, is identified as an emerging risk in both of these categories.
More severe implications
Adequate mitigation of contingent business interruption – which is when a business is unable to operate because of an event that damages one of its suppliers – and business continuity management remains a gap in many multinational companies’ supply chain risk management programmes.
Interdependencies between suppliers are often a big unknown. Many businesses still do not have alternate suppliers.
At the same time the greater interconnectivity of the global economy is manifesting itself in increasingly more complex production processes with higher economic values resulting in possibly more severe business interruption implications. Therefore businesses need to better analyse their production processes accordingly. Collaboration between different areas of the company – such as purchasing, logistics, product development and finance – is necessary in order to develop robust processes which identify break points in the supply chain. Supply chain performance management analysis can enable early warning systems to be created.
Many of the major causes of business interruption identified in the risk barometer relate to the rising impact of non-physical damage events such as the impact of a product quality incident (24%), a cyber attack (17%), civil unrest (11%), loss of talent (7%) and particularly the impact of failure in service delivery by a supplier (35%, ranked third), reflecting the added complexity of business interruption risks.
Non-damage business interruption is becoming a much bigger issue as companies look to protect against a range of different exposures, such as strikes, a government authority closing down an area linked to an outbreak of disease, or civil commotion and/or riots.
Loss of reputation main cost in event of cyber attack
Cyber attacks are increasing, both in number and sophistication. One recent study estimates cybercrime now costs the global economy in excess of $400 billion a year. Therefore it is unsurprising that cyber risks is the most significant mover in the top 10 global business risks, moving up three positions year-on-year, ensuring it enters the top five risks for the first time. In 2014 it ranked eighth and in 2013 just 15th in the risk barometer. All industries surveyed found cyber risks to be a greater concern than last year. The financial services, manufacturing, power and utilities and engineering sectors were the most influential in ranking cyber risks higher.
According to responses, loss of reputation (61%) is the main cause of economic loss followed by business interruption (49%) and damages paid due to loss of customer data (45%).
The almost automatic blow to a company’s reputation following a cyber attack can have a dramatic impact on balance sheets. According to the Edelman Privacy Risk Index 71% of customers say they would leave an organization after a data breach. Companies must be aware of such potential reputational risks and analyse them, making sure they assign values to the possible scenarios to minimize and assess the residual risk.Meanwhile, data theft and manipulation (64%), reputational loss (48%) and increased threat of persistent hacking (44%) are the scenarios businesses fear most.
However, companies should also not underestimate the so-called “human factor”. Employees can cause large IT security or loss of privacy events, both inadvertently and deliberately.
The fact that the impact of an incident is still underestimated was the top reason given (73%) for why companies are not better prepared to combat cyber risks, followed by budgetary constraints (59%) and a lack of understanding about the inherent complexity such risks bring (54%).
Identification and evaluation of cyber threat scenarios is difficult. Different stakeholders from the business need to share knowledge – IT experts can identify the scenarios, business continuity managers can quantify the duration and finance the cost. Previously siloed knowledge needs to be incorporated in one “think tank”, which also includes the set-up of IT, processes and risk transfer, not to mention the communications perspective. Everything must be closely interlinked.
Better hardware and software solutions including monitoring tools (75%), better processes (62%) and improving awareness amongst employees (56%) would also help companies to be better prepared for the eventual outcomes, according to the risk barometer. However, improvements in these areas will not result in 100 per cent IT security. Indeed, no such thing exists.
Geo-political situation continues to deteriorate
A year ago political risks including social upheaval, political violence and war ranked 18th in the risk barometer, so events of the past 12 months have altered risk perception significantly, resulting in this risk rising nine positions to ninth overall. Incidents in the Ukraine, Russia, the Middle East and North Africa, Hong Kong and Thailand have impacted respondents in multi-industry businesses and the marine and shipping, transportation, aviation and oil and gas sectors in particular.
Political risks appear in the top 10 risks in the EMEA region for the first time in eighth position. It is also a new entrant in the top 10 risks for Brazil, has become one of the top three risks in Russia and, unsurprisingly, ranks as the top business concern in Ukraine.
Whether it is war, acts of terrorism or protests, political and social risks are inherently unpredictable. Ongoing war, insurrection, revolution and civil unrest across the Middle East and North Africa continue to pose a significant risk to foreign companies operating in the region. Meanwhile, the situation in Russia/Ukraine is still deemed volatile, negatively impacting businesses in these countries but also abroad.
Even the best companies can suffer asset losses because of political risk. A number of companies that enter into developing countries have only a very basic understanding of the new environment. It’s important to have an ear to the ground.
The risk barometer analyzes responses from a record 47 countries around the world. Although the top three risks business interruption/supply chain, natural catastrophes and fire/explosion are identical across the EMEA, Americas and Asia Pacific regions for the third successive year there are both differences and further similarities elsewhere.
Cyber risks is the big mover in EMEA’s top 10 risks, climbing from 9th to 5th, driven by increasing concern in Germany (second top risk), the UK (third top risk) and becoming a new entry in the top 10 risks in markets such as Spain and France for the first time. Increasing regulation, which is ranked forth, is a particular concern for European companies.
Across the Americas region although cyber risks is again the big mover, rising from eighth to fourth position, a combination of shortage of skilled talent, together with an aging workforce is deemed an increasing concern and a new entry in the top 10 risks in the US.
Concerns over quality deficiencies and serial defects and commodity price increases are higher year-on-year across the Americas, compared with 2014, replacing theft, fraud and corruption and market stagnation and decline worries in the top 10.
Across the Asia Pacific region companies are more concerned about the trading environment than 12 months ago with the prospect of market stagnation or decline a new entry in the top 10 risks. A shortage of skilled talent also remains a concern, with awareness of this risk even more pronounced than a year ago. Competition remains fierce to secure the best talent and poaching is common practice, increasing the risk of artificially inflating the cost of talent.
As in the Americas region concerns over quality deficiencies and serial defects are higher year-on-year in Asia reflecting the fact a product quality incident is one of the top five causes of business interruption according to risk managers and corporate insurance experts.
Interestingly, the Asia Pacific region is the only region where cyber risk does not appear in the top 10, suggesting that many companies do not grasp the full possibility of the potential implications.
For the first time this year the risk barometer includes the top 10 risks in the Asia Pacific region’s most powerful economy, China. Fire/explosion ranks as the top risk, with natural catastrophes second. Market stagnation or decline ranked third.
Also for the first time, the risk barometer examines the emerging risk environment for businesses over the short- and long-term future. At the same time as being exposed to climate change as an underlying risk which is not within their direct control, companies also expect to face further disruption from technological innovation. New technologies such as 3D printing or nanotechnology undoubtedly bring new opportunities, but they also entail new forms of risk. Collaboration will be needed across industries, but also within the different functional areas of each individual company, to analyse and tackle emerging risks holistically.
About the Allianz Risk Barometer
• The Allianz Risk Barometer 2015 survey was conducted among global businesses and risk consultants, underwriters, senior managers and claims experts within both Allianz Global Corporate & Specialty and local Allianz entities with a focus on both large industrial and mid-sized companies.
• There were a record 516 respondents from a total of 47 countries. As multiple answers for up to two industries were possible 709 answers were delivered. Business sectors covered included: multi-sector businesses; engineering/construction; manufacturing (including automotive); financial services; power and utilities; marine and shipping; transportation; aviation; oil and gas; and food and beverage.
• Read the full report on the AGCS website: goo.gl/rNOESI