Marsh has surveyed New Zealand directors to find out what they consider to be the biggest threats to business in 2017, and found cyber-attacks came out as number one, having leapt to that position in just four years from not even ranking in the top five risks in 2013.
Marsh country head for New Zealand,
Marcus Pearson, said on top of that there was concern that insurance companies could not keep up with the rapid pace of change.
“It comes as no surprise there is frustration at the perceived slow progress of affordable, practical insurance protection for cyber related risks as insurance companies struggle to adapt to the pace of change,” he said.
“There are deep concerns about the potential for losses that hyper-connectivity brings as cyber threats move from defending against website defacements, denial of service attacks and data breaches to more serious attacks on cyber-physical systems controlling physical assets and critical infrastructure.”
The third Directors’ Risk Survey found 79% of those surveyed rating the impact of a cyber-attack on their organisation’s strategic growth, operational efficiency and legal/contractual compliance as medium or high.
Sixty-five per cent of respondents believed the risk environment would increase during 2017, and in the public sector that perception was shared by 83% of directors.
Tech-related risks topped this year’s lists for both external (cyber-attack) and internal (major IT incident) risks considered to have the greatest potential impact to businesses.
Want the latest insurance industry news first? Sign up for our completely free newsletter service now.
Three-quarters of the directors surveyed considered an IT disruption to be a high or medium internal risk.
More alarming was the revelation that 32% of directors said they did not have the framework in place to manage the risk of a cyber-attack, which echoed the results of the Institute of Directors’ own Director Sentiment Survey conducted late last year.
This showed that barely one third of directors had the capability to deal with their organisation’s digital future.
The manager of the Institute of Directors Governance Leadership Centre, Felicity Caird, said the management of risk was critical to a board providing strategic leadership and creating value, adding that the need to stay current was emphasised by the report.
“Technology is an integral part of business capability and boards need to take responsibility to be able to lead in this new era,” she said.
“Digital leadership is critical in a disruptive world. Technology continues to be a strong theme when it comes to internal risks so developing board and organisational capability must be areas of focus for directors to ensure organisations are resilient.”
Another key finding in the survey was that 62% respondents envisaged that the increasing influence of social media would have an impact on their business over the next year, ahead of talent attraction and retention (59%), and increased corporate governance requirements (55%).
Pearson said one positive finding from this year’s survey was that the majority of boards spent more time on risk management than in 2016, however he pointed to one major factor behind that shift.
“Eighty-four per cent of respondents indicated their boards spent either a significant or moderate amount of time on risk management,” he said.
“The motivation for this though, is likely to be a direct result of a sea change in the health and safety responsibilities of company directors.”
Related stories:
Marsh’s ‘serious concerns’ about fire levy proposals
Kiwi directors not worried enough about personal risk