What is the greatest risk that businesses currently need to manage? The risks associated with cyber incidents, reports CHARLEEN CLARKE, after studying the Allianz Risk Barometer 2018.
We love it and – thanks to the inherent risks it represents – we also hate it. I am, of course, referring to the internet, which has changed life as we know it. Undoubtedly the greatest invention of the 20th century, the internet comes with a multitude of risks.
Cyber incidents are paramount and, according to the findings of the seventh Allianz Risk Barometer, which is published annually by Allianz Global Corporate & Specialty (AGCS), cyber incidents remain the top threat to South African businesses today – with 38 percent of responses for the third year in a row. The 2018 report is based on the insight of a record 1 911 risk experts from 80 countries.
Business interruption (BI) is the second most-prevalent risk – at 34 percent – while changes in legislation and regulation occupied the third place at 29 percent.
The report unveils two new South African business threats that have emerged as part of the top ten list, namely climate change/increasing volatility of weather, and loss of reputation or brand value, both at 16 percent (and occupying position number eight).
These new threats are not surprising, especially given the extreme weather patterns that have resulted in frequent droughts and floods affecting the country.
Market developments as a threat declined slightly to fourth place at 23 percent (from third place in 2017). Fire, explosion and new technologies, in sixth place, are both at 19 percent. The former is not surprising, given the recent fires in the Durban Harbour, Braampark and Knysna.
South Africa is not alone in its concern about cyber incidents. Multiple threats – such as data breaches, network liability, hacker attacks or cyber BI – ensure it is the top business risk in the Americas region, while occupying the number two spot in Europe and the Asia Pacific region. It also ranks as the most underestimated risk and the major long-term peril.
Cyber incidents – through events such as WannaCry and Petya ransomware attacks – brought significant financial losses to a large number of businesses. South African businesses were not left unscathed. In October last year, the personal information of more than 30-million South Africans was exposed online in what is considered the country’s biggest data breach. The bad news is that the potential for so-called “cyber hurricane” events to occur, where hackers disrupt larger numbers of companies by targeting common infrastructure dependencies, is expected to continue to grow in 2018.
“South Africa is reported to have the third-highest number of cyber-crime victims worldwide, losing billions of rand a year to cyber attacks and experiencing more cyber attacks than its African counterparts.
“Although, cyber awareness has significantly increased, particularly among small and medium-sized businesses, it is more challenging for these enterprises to tackle this issue compared to larger corporations,” Nobuhle Nkosi, cyber insurance expert at AGCS Africa, tells SHEQ MANAGEMENT.
Cyber risk and BI have been neck-and-neck in South Africa for the past three years, increasingly demonstrating a strong link between the two.
“Businesses in South Africa are deeply concerned about the impact of BI, which could result from traditional exposures, such as fire, natural disasters and supply chain disruption, to new triggers stemming from digitisation and interconnectedness that typically come without physical damage, but with high financial loss.
“Breakdown of core IT systems, terrorism or political violence events, product quality incidents or an unexpected regulatory change can bring businesses to a temporary or prolonged standstill with a devastating effect on revenues,” says AGCS Africa CEO Thusang Mahlangu.
BI can have a tremendous effect on a company’s revenues, yet its impact is one of the hardest risks to measure. It is also the most important risk for the sixth year in a row globally, ranking top in 13 countries in Europe, Asia Pacific, and Africa and Middle East regions.
“No business is too small to be impacted,” explains Mahlangu, “A severe interruption can even have a terminal impact, particularly for smaller companies. However, as many businesses transition from being rich in physical assets to deriving more value from intangibles and services, increasingly, BI is being triggered by non-traditional risk exposures, which don’t cause physical damage, but can result in lost income – so-called non-damage business interruption (NDBI).”
Natural catastrophes moved from number seven to number four and also returned to the top three business risks globally.
“The impact of natural catastrophes goes far beyond the physical damage to structures in the affected areas. As industries become leaner and more connected, natural catastrophes can disrupt a large variety of sectors around the world that might not seem directly affected at first glance,” says Ali Shahkarami, head of catastrophe risk research at AGCS.
Meanwhile, the risk impact of new technologies is one of the big movers in the Allianz Risk Barometer, up to number six from number ten. It also ranks as the second top risk for the long-term future after cyber incidents, with which it is closely interlinked.
Vulnerability of automated, or even autonomous or self-learning machines to failure, or malicious cyber acts, such as extortion or espionage, will increase in future and could have a significant impact if critical infrastructure, such as IT networks or power supply, is involved.
“Although there may be fewer smaller losses, due to automation and monitoring minimising the human error factor, this may be replaced by the potential for large-scale losses, once an incident happens,” explains Michael Bruch, head of emerging trends at AGCS.
“Businesses also have to prepare for new risks and liabilities as responsibilities shift from human to machine, and therefore to the manufacturer or software supplier. Assignment and coverage of liability will become much more challenging in future.”
A snapshot of top risks to South African companies in 2018
POSITION 1: Cyber incidents (also first in 2017)
POSITION 2: Business interruption (also second in 2017)
POSITION 3: Changes in legislation and regulation (fifth in 2017)
JOINT POSITION 4: Market developments (third in 2017) and natural catastrophes (seventh in 2017)
JOINT POSITION 6: Fire and explosion (sixth in 2017) and new technologies (10th in 2017)
JOINT POSITION 8: Climate change (unplaced in 2017) and loss of reputation or brand value (unplaced in 2017)
POSITION 10: Macroeconomic developments (third in 2018)