Allianz Risk Barometer, the annual corporate risk survey conducted among Allianz customers, brokers and industry trade organisations incorporates the views of 2,650 respondents from the UK and across the globe.
The Top 3 UK Concerns
The 2022 report highlighting the most important business risks for the next 12 months and beyond, established that Cyber was the new top concern for businesses in the UK and across the globe, with over 50% of UK respondents stating this as their most concerning risk.
Understandably, Covid-19 continues to cast its shadow particularly as the cyber risk is heightened by companies’ growing reliance on technology and the shift to remote and flexible working. This only increases the risks businesses face, in addition to the usual ransomware and other cyber-attacks that continue to disrupt businesses.
Business Interruption (BI) has dropped from the top spot to second place in the rankings this year, despite a year of unprecedented global supply chain disruption – only the third time in the 11-year history of the Allianz Risk Barometer that it is not ranked top. However, Despite the ongoing repercussions of Covid-19, the most feared cause of BI in this year’s survey is cyber!
Surprisingly Climate Change was the third ranking concern for respondents in the UK and received its highest ever ranking of 6th on the global rankings.
The top cyber exposure of concern was Ransomware, just ahead of data breaches. Ransomware remains big business for cyber criminals, with the commercialisation of cyber crime making it easier for criminals to exploit vulnerabilities on a massive scale. Now those criminals with very little technical knowledge can carry out ransomware attacks for as little as a $40 per month subscription, using cryptocurrency to help evade detection.
Another change in the way these criminals operate is the use of ‘double extortion’ tactics, combining the initial encryption of data with a threat to release sensitive or personal data. Encryption or deletion of backups, making restoration and recovery more difficult or even impossible is another disturbing and growing trend. This is only overshadowed by the recent alarming incidents where attackers harass employees to gain access to systems, as well as going directly to company senior executives to demand ransoms.
Cyber claims increased significantly over the past few years and remain at elevated levels, both in terms of claim numbers and claim payments. Ransomware tops the claims list too, with the number of claims received in the first half of 2021 higher than the total number for the whole of 2019. Extortion demands have more than doubled and BI losses have escalated as larger businesses and their supply chains are targeted.
It is important to remember that the rise in claims will be impacted by the number of businesses that now have cyber insurance, which has also risen significantly as businesses acknowledge their increased vulnerability – remote working, disruption to digital supply chains and cloud platforms ranked third and fourth as cyber risks of concern.
For those businesses that have yet to include Cyber Insurance as part of their programme, the cyber risk landscape has changed and insurer focus has turned to effective cyber risk management. Each proposal form is now assessed with insurers looking for proactive technology controls such as endpoint protection and multi-factor authentication in addition to regular backups, training, business continuity and crisis response plans. Cyber Insurance is now seen as part of a holistic approach to building cyber security resilience, combining with technology, training, monitoring and response testing. If cyber insurance is to be sustainable, this is the way forward.
Business interruption ranks as the second most concerning risk, not just in the UK but globally, which comes as no surprise following a year of unprecedented global supply chain disruption following a pandemic and an increase in cyber-attacks.
Whether it’s a cyber-attack, a flood or fire affecting a critical business location or supplier, business interruption events can have a very costly and lengthy impact extending well beyond the organisation to suffer the incident and impact the entire supply chain. It may not be your organisation that’s directly impacted, but it may prevent you from being able to produce your products or deliver your services.
There are multiple triggers for BI and in recent years cyber and pandemic have risen to the fore – as mentioned previously the most feared cause of BI this year is cyber. However, it would be foolish to underestimate traditional causes of businesses interruption such as fire or flood. There’s little you can do to mitigate the risk of supply chain disruption, but like cyber you can manage some of the risk of traditional BI triggers and put in place prevention measures and resilience plans.
It was surprising to see climate change leap up the rankings to third place for the UK, climbing to 6th in the global rankings. However, this has been a recurring news item over the last year or so and the increasing pressure on businesses to act on climate change has increased noticeably.
In the UK there is a growing focus on net-zero and the government landmark Net Zero Strategy launched in October 2021, at the time the Allianz Risk Barometer survey was conducted, which may have had an impact on the ranking as it was at the forefront of respondent’s minds. The Net Zero Strategy sets out the policies and proposals for decarbonising all sectors of the UK economy to meet our net zero target by 2050. The devolved administrations also committed to the Net Zero target as recommended by the Climate Change Committee.
The risks to businesses from climate change are also having an impact on Business Interruption, particularly in relation to damage and closures following extreme weather events. We have seen multiple ‘danger to life’ warnings issued for flooding in February across the Midlands, with devastation to businesses that had barely recovered from previous floods. This also has an impact on brand and reputation, alongside supply chain issues, that can have a long term impact even when the flooding has subsides and the business reopens.
So, what can you do?
The Allianz Risk Barometer has highlighted the current issues keeping business owners awake at night, both in the UK and across the globe. But the old saying ‘only worry about things you can control’ springs to mind – you can’t stop cyber attacks, container ships blocking the Suez Canal or flooding, but you can manage the risk to your business and put in place the insurance cover to protect you should the worst happen.
Identify the biggest risks to your own business, determine what you can control and create a plan to implement any changes you need to make to improve your resilience. If it’s within your control, tackle it, if not then insure against it.