Cyber and BI risks are increasingly interlinked as ransomware attacks or accidental IT outages often result in disruption of operations and services, costing hundreds of millions of dollars, warn AGCS on the launch of its Risk Barometer 2019
Companies around the globe consider Cyber risk and Business Interruption (BI) the greatest threats to their businesses, according to the latest Allianz Risk Barometer, which was published at the beginning of this year.
The two perils polled 37 per cent each in the annual survey on global business risks from Allianz Global Corporate & Specialty. It is the seventh consecutive year that BI has topped the survey while concern over Cyber incidents continues to grow fuelled by high-profile losses. And the two threats are interlinked with ransomware attacks or accidental IT outages often resulting in disruption of operations.
“Businesses face an increasing number of BI scenarios. Many can occur without physical damage but with high losses,” says Tracey Hunt, Allianz’s Deputy CEO London. “Events such as breakdown of core IT systems, product recall or quality incidents, terrorism, political violence or rioting and environmental pollution incidents can bring businesses to a standstill.
“Incidents such as power surges or failed IT migrations can cost hundreds of millions. Reliance on IT service providers – such as cloud services, online booking platforms and supply chain systems – also brings potential contingent business interruption exposures.”
Cyber-crime now costs an estimated $600bn a year and incidents are increasingly likely to spark litigation, including securities and consumer class actions.
Meanwhile, risk managers say that as digitalisation increased it has brought a revolution as Cyber risk has become an enterprise-wide concern for companies.
“A couple of years ago it was much more of an IT issue. The management of cyber risk is becoming an overall issue of the company, it is not an IT issue, it is a risk issue for the whole of the company,” says Jo Willaert, President IFRIMA & FERMA.
“Cyber risk is the number one issue that the board has to face. Cyber risk is now integrated through the whole company and it is one of the major causes of BI. The risk is now a global responsibility of the group, it means the board has responsibility and it should be supported by all the players who are involved including IT, Communications, Legal, Human Resources and all the other support departments of the company.
“As a consequence of that the risk manager is the most appropriate person to co-ordinate that and to analyse that the strategies of the departments and the boards, to see what the risks are and analyse them and advise the board on how to avoid the risk of BI.
“We also see that in the insurance policies. Five years ago a cyber policy focussed its coverage on Professional Indemnity, now the policies have the purpose of covering BI.”
However, although Cyber risk is increasing along with company’s dependency on IT the awareness of the threat drops dramatically from large corporations to small-and-medium sized businesses (SMEs).
“The awareness is not there for manging the risks especially the management of proper resilience,” says Philippe Cotelle, Head of Airbus Defence and Space Insurance Risk Management. “They need to try to improve the security and the business to promote the right level of efficiency. That needs to be combined with a proper cyber insurance, which is dedicated to the exposure profile and risk appetite of the company.
“All that is a combination that has to be implemented at corporate level. To varying degrees we’re all aware of this exposure and that we have to do something. For the mid-level and smaller companies it is not something that has developed because the maturity of cyber risk is not that high. To some extent cyber risk is one risk among many others and, rightly or wrongly, they consider the other risks are more challenging and don’t see themselves as likely targets for cyber exposure.”
No comments yet