The risk landscape for businesses is substantially changing in 2016. While businesses are less concerned about the impact of traditional industrial risks such as natural catastrophes or fire, they are increasingly worried about the impact of other disruptive events, fierce competition in their markets and cyber incidents. These are key findings of the Allianz Risk Barometer 2016, the fifth annual survey on corporate risks published by Allianz Global Corporate & Specialty (AGCS), which surveyed over 800 risk managers and insurance experts from more than 40 countries.
According to the Allianz Risk Barometer business and supply chain interruption (BI) remains the top risk for businesses globally for the fourth year in succession. However, many companies are concerned that BI losses, which usually result from propertydamage, will increasingly be driven by cyber-attacks, technical failure or geo-political instability as new "non-physical damage" causes of disruption. Meanwhile, two of the major risers in this year’s Allianz Risk Barometer feature in the top three corporate risks for the first time with market developments ranking second and cyber incidents third. Cyber incidents are also cited as the most important long-term risk for companies in the next 10 years. In contrast, natural catastrophes drops two positions to fourth year-on-year, reflecting the fact that in 2015 losses from natural disasters reached their lowest level since 2009.
"The corporate risk landscape is changing as many industrial sectors are undergoing a fundamental transformation," explains AGCS CEO Chris Fischer Hirs. "New technologies, increasing digitalization and the ‘Internet of Things’ are changing customer behavior, industrial operations and business models, bringing a wealth of opportunities, but also raising awareness of the need for an enterprise-wide response to new challenges. As insurers we need to work together with our corporate clients to help them to address these new realities in a comprehensive manner."
Challenging market environment
More than a third of responses (34%) cited market developments such as intensified competition or market volatility/stagnation as one of the three most important business risks in 2016, ranking this new survey category (In the 2015 Allianz Risk Barometer market developments risks were ranked separately, not as one collective peril) as the second top peril overall. Market developments are a particular concern in the engineering, financial services, manufacturing, marine and shipping, pharmaceutical and transportation sectors, where this risk ranks among the top three business risks respectively. In addition, this risk ranks as a top two concern in Europe, Asia-Pacific and Africa & Middle East.
Many businesses are facing a growing number of challenges which threaten their profitability and possibly also their business models. "Businesses constantly have to be on their toes, turning out new products, services or solutions in order to stay relevant to the customer and to thrive in this rapidly changing and globally competitive environment," explains Bettina Stoob, Head of Innovation at AGCS. "Innovation cycles are becoming rapidly shorter; market entry barriers are coming down; increasing digitalization and new "disruptive" technologies have to be quickly adopted while potentially more agile start-ups are entering the game." At the same time businesses are also having to comply with changing or enforced regulation, increasing safety requirements or import/export restrictions.
Rising sophistication of cyber attacks
Cyber risk appears in many forms, all of which can represent major threats to business. Companies increasingly face new exposures, including firstand third-party damage, business interruption and regulatory consequences. It is estimated that cyber-crime alone costs the global economy approximately $445bn a year with the world’s largest economies accounting for around half of this, data analyzed in an AGCS report (A Guide to Cyber Risk: Managing The Impact of Increasing Interconnectivity) shows. The threat posed by such incidents is expected to increase further during 2016.
According to Symantec Corporation risks associated with the increasing use of Apple devices and the "Internet of Things" are among the factors which will drive this increase. The US software security firm predicts that attacks on critical infrastructure will also rise. This increasing risk is reflected in the Risk Barometer with cyber incidents (cyber-crime, data breaches, IT failures) gaining 11 percentage points year-onyear to move into the top three risks for the first time (28%). Three years ago this peril ranked just 15th (6%).
Loss of reputation (69%) is the main cause of economic loss for businesses after a cyber incident, according to responses, followed by business interruption (60%) and liability claims after a data breach (52%).
Due to the almost automatic blow a company’s reputation can sustain in the event of a cyber incident many attacks still go unreported. However, many network outages and disruptions, that are not caused by cyber-attacks, but by technical issues, are not made public for similar reasons.
A lack of understanding (48%) of the complexity of the risks involved is cited as the main factor preventing companies from being better prepared to combat cyber threats. Not having a concrete assessment of the cost of the risks involved (46%) ranks second. Budgetary constraints (39%) ranks third. "Attacks by hackers are becoming more targetoriented, lasting for longer and can trigger a continuous penetration," says Jens Krickhahn, Practice Leader Cyber & Fidelity, at AGCS Financial Lines Central & Eastern Europe. "Studies show that it takes, on average, 90 days for businesses to discover they have been hacked. Often the incident is identified, not by the business itself, but by the customer or another stakeholder, which is another reason why cyber risks pose a huge threat to a company’s reputation.
"The fact that companies often only recognize the loss when an attack has already happened means all they can do is try and prevent further damage. This is why prevention is such a key element in IT security. Managing cyber risk has to be an integral part of any company’s risk management strategy."
Geo-political instability causing disruption
BI remains the top peril in the Allianz Risk Barometer for the fourth year in succession with 38% of responses. Indeed BI losses for businesses are increasing, typically accounting for a much higher proportion of the overall loss than a decade ago and often substantially exceeding the direct propertyloss, as AGCS insurance claims analysis shows. According to responses, major causes of BI feared most by companies are natural catastrophes (51%), closely followed by fire/explosion (46%). However, according to the survey’s findings, multinational companies are also increasingly worried about the disruptive impact of geo-political instability as war or upheaval could impact their supply chains or their staff or assets could suffer from acts of terrorism.
"Businesses need to prepare for a wider range of disruptive forces in 2016 and beyond," says Axel Theis, Member of the Board of Management, Allianz SE. "The increasing impacts of globalization, digitalization and technological innovation pose fundamental challenges."
Figure 01: Top 10 Global Business Risks for 2016
Figure 02: Top business risks in 2016 by industry [Source: Allianz Global Corporate & Specialty. Figures represent the number of responses as a percentage of all responses (between 40 and 149 responses per industry). More than one risk selected]
Figure 03: Top 10 business risks by region in 2016: Europe [Source: Allianz Global Corporate & Specialty. Figures represent a percentage of all relevant responses. Responses for Asia Pacific 138; Europe 403. More than one risk selected]