Cyber incidents ranked as the top business risk globally for the first time in the Allianz Risk Barometer 2020.
Thirty-nine per cent (39%) of respondents named cyber incidents as the top peril, according to Allianz, knocking the former top risk, business interruption, into second place at 37%. Awareness of cyber threats has grown rapidly in recent years as companies’ reliance on data and IT systems increases, according to the firm. Seven years ago, cyber incidents ranked 15th on the list of top business risks.
Changes in legislation and regulation (number three with 27%) and climate change (number seven with 17%) were the biggest climbers globally, according to the insurance giant.
“The Allianz Risk Barometer 2020 highlights that cyber risk and climate change are two significant challenges that companies need to watch closely in the new decade,” said Joachim Müller, CEO of Allianz Global Corporate & Specialty (AGCS). “Of course, there are many damage and disruption scenarios to contend with, but if corporate boards and risk managers fail to address cyber and climate change risks, this will likely have a critical impact on their companies’ operational performance, financial results and reputation with key stakeholders. Preparing and planning for cyber and climate change risks is both a matter of competitive advantage and business resilience in the era of digitalisation and global warming.”
Cyber risk is continuing to evolve, with businesses facing larger and costlier data breaches, an increase in ransomware and spoofing incidents, and the possibility of fines or litigation after a cyber event, Allianz said. A mega data breach – a breach involving more than one million compromised records – now costs an average of $42 million, up 8% year over year.
“Incidents are becoming more damaging, increasingly targeting large companies with sophisticated attacks and hefty extortion demands,” said Marek Stanislawski, deputy global head of cyber for AGCS. “Five years ago, a typical ransomware demand would have been in the tens of thousands of dollars. Now they can be in the millions.”
Cyber incidents can also cause companies to suffer major business interruption losses due to the unavailability of critical data, systems or technology.
“Many incidents are the results of human error and can be mitigated by staff awareness trainings, which are not yet a routine practice across companies,” Stanislawski said.