Cyber perils and business interruption are the two biggest concerns of companies around the world this year, according to the latest Allianz Risk Barometer.
The 11th annual survey from Allianz Global Corporate & Specialty (AGCS) incorporates the views of 2 650 experts in 89 countries and territories, including chief executives, risk managers, brokers and insurance experts. Respondents, mainly from large to mid-sized companies, were questioned between October and November 2021.
Whereas “critical infrastructure blackouts or failure” fell from 15th to 14th position globally, it was the third-biggest concern in South Africa, up from sixth position last year. This, no doubt, reflects the ongoing risks posed by load shedding.
Another difference between the ranking of concerns globally and in South Africa was that “political risk and violence” rose from fifth to fourth position in this country, whereas it fell from 10th to 13th position globally.
“Pandemic” as risk concern fell from second to fourth position globally, and from third to fifth position in South Africa.
AGCS chief executive Joachim Mueller says “business interrupted” is likely to remain the key underlying risk theme this year.
“For most companies, the biggest fear is not being able to produce their products or deliver their services. 2021 saw unprecedented levels of disruption, caused by various triggers. Crippling cyber-attacks, the supply chain impact from many climate change-related weather events, as well as pandemic-related manufacturing problems and transport bottlenecks wreaked havoc. This year only promises a gradual easing of the situation, although further Covid-19-related problems cannot be ruled out. Building resilience against the many causes of business interruption is increasingly becoming a competitive advantage for companies.”
Ransomware attacks drive cyber concerns
Cyber incidents ranked as one of the top three perils in most countries surveyed. The main driver is the recent surge in ransomware attacks, which survey respondents identified as the top cyber threat – along with data breaches – for the year ahead.
According to the survey, there has been a growth in “double extortion” tactics, where cybercriminals combine the initial encryption of data with a secondary form of extortion, such as the threat to release sensitive or personal data. Hackers will also now attempt to encrypt or delete backups, making restoration and recovery more difficult or impossible. A recent trend has seen attackers harass employees to gain access to systems, as well as go directly to company senior executives to demand ransoms.
Recent high-profile cyber-attacks have seen hackers target technology or software supply chains, physical critical infrastructure or digital single points of failure, the survey says.
“Such attacks are of growing concern with the increasing digitalisation of supply chains, as well as the growing reliance on digital infrastructure.”
In December 2021, the Financial Times reported that hackers had launched more than a million attacks on companies around the world in only four days, through an unnoticed vulnerability in a widely used piece of open-source software called Log4J. This followed cyber criminals inserting ransomware into a software update issued by Kaseya.
Last year saw the Colonial Pipeline ransomware attack, the largest against US energy infrastructure, which disrupted fuel supplies, while in South Africa the cyberattack on Transnet severely disrupted the country’s ports.
Increased vulnerability from remote working (34%) and disruption to digital supply chains and cloud platforms (33%) ranked third and fourth in the ranking of cyber risks of concern in this year’s barometer.
Cyber incidents, supply chain disruptions fuel BI risk
Business interruption (BI) ranked as the second-most concerning risk. According to the survey, the most feared cause of BI is cyber incidents, reflecting the rise in ransomware attacks but also the impact of companies’ growing reliance on digitalisation and the shift to remote working.
“Pandemic” as a trigger for BI dropped to third position, just behind “natural catastrophes” and ahead of “shipping and transportation” disruption, which both climbed the rankings in this category year-on-year.
“In the past year, post-lockdown surges in demand have combined with disruption to production and logistics, as Covid-19 outbreaks in Asia closed factories and caused record congestion levels in container shipping ports. Pandemic-related delays compounded other supply chain issues, such as the Suez Canal blockage and the global shortage of semiconductors after plant closures in Taiwan, Japan and Texas from weather events and fires,” the survey says.
“The pandemic has exposed the extent of interconnectivity in modern supply chains and how multiple unrelated events can come together to create widespread disruption. For the first time, the resilience of supply chains has been tested to breaking point on a global scale,” says Philip Beblo, Property Industry Lead, Technology, Media and Telecoms, at AGCS.
According to the recent Euler Hermes Global Trade Report, the Covid-19 pandemic will likely drive high levels of supply chain disruption into the second half of 2022, although mismatches in global demand and supply and container shipping capacity are eventually predicted to ease, assuming no further unexpected developments.
Awareness of BI risks is becoming an important strategic issue across entire companies.
“There is a growing willingness among top management to bring more transparency to supply chains, with organisations investing in tools and working with data to better understand the risks and create inventories, redundancies and contingency plans for business continuity,” says Maarten van der Zwaag, the global head of Property Risk Consulting at AGCS.