Allianz Risk Barometer 2020: Cyber and climate change rank as top risks amongst Indian companies

 For the third year in a row, Cyber incidents (49% of responses) ranks as the most important business risk in India in the ninth Allianz Risk Barometer 2020. Awareness of the cyber threat has grown rapidly in recent years, driven by companies increasing reliance on data and IT systems and a number of high-profile incidents. Climate change rises to its highest-ever position, jumping six spots to (#2 with 30%) as global warming has become an increasing concern for companies and nations. Business Interruption remains at #3 (30%) The annual survey on global business risks from Allianz Global Corporate & Specialty (AGCS) incorporates the views of a record 2,718 experts in over 100 countries including CEOs, risk managers, brokers and insurance experts. “While 2019 saw no major global cyber-incidents in the vein of past events like WannaCry and NotPetya, businesses are increasingly cognizant of the costs associated with being a victim of a cyber-attack, with IBM estimating the average cost of a data breach being slightly under US$4m,” says Mark Mitchell Asia Pacific CEO of AGCS. He added: “Rounding up the top 3 risks in the region is Climate Change. In a year which saw Greta Thunberg address the United Nations, Climate Change was a big riser, having only ranked 8^th in the previous edition, reflecting the increased scrutiny and pressure that businesses are under to operate in a sustainable manner.” Cyber risks continue to evolve In addition to being the top risk globally, Cyber incidents is among the top three risks in 80% of the countries surveyed in Asia Pacific, with India and South Korea ranking it as the top business risk. Businesses face the challenge of larger and more expensive data breaches, an increase in ransomware and spoofing incidents, as well as the prospect of privacy-driven fines or litigation after any event. A mega data breach – involving more than one million compromised records – now costs on average $42mn^[1], up 8% year-on-year. Mr CB Murali, CEO of AGCS India, said that Indian companies are increasingly vulnerable to cyber and malware attacks. In 2019 alone, Indian firms where faced with 14.6Crore of malware attacks, a staggering 48% rise from the year before. “Incidents are becoming more damaging, increasingly targeting large companies with sophisticated attacks and hefty extortion demands. Five years ago, a typical ransomware demand would have been in the tens of thousands of dollars. Now they can be in the millions,” says Marek Stanislawski, Deputy Global Head of Cyber, AGCS. Extortion demands are just one part of the picture: Companies can suffer major BI losses due to the unavailability of critical data, systems or technology, either through a technical glitch or cyber-attack. “Many incidents are the results of human error and can be mitigated by staff awareness trainings which are not yet a routine practice across companies,” says Stanislawski. Globally, Climate change rises to its highest-ever position of seventh in the Allianz Risk Barometer and is already in the top three business risks for the Asia-Pacific region overall, driven by risk management experts in countries and territories such as India, Australia, Hong Kong, and Indonesia. An increase in physical losses is the exposure businesses fear most (49% of responses) as rising seas, drier droughts, fiercer storms and massive flooding pose threats to factories and other corporate assets, as well as transport and energy links that tie supply chains together. Furthermore, business are concerned about operational impacts (37%), such as relocation of facilities, and potential market and regulatory impacts (35% and 33%). Companies may have to prepare for more litigation in future – climate change cases targeting ‘carbon majors’ have already been brought in 30 countries around the world, with most cases filed in the US. “There is a growing awareness among companies that the negative effects of global warming above two degrees Celsius will have a dramatic impact on bottom line results, business operations and reputation,” says Chris Bonnet, Head of ESG Business Services at AGCS. “Failure to take action will trigger regulatory action and influence decisions from customers, shareholders and business partners. Therefore, every company has to define its role, stance and pace for its climate change transition – and risk managers need to play a key role in this process alongside other functions.” Business interruption – an undiminished threat with new causes BI remains at #3 in India as the trend for larger and more complex BI losses continues unabated. Causes are becoming ever more diverse, ranging from fire, explosion or natural catastrophes to digital supply chains or even political violence. “Digital supply chains and platforms today allow for full transparency and traceability of goods but a fire at a data center, a technical glitch or a hack could bring large BI losses for multiple companies that all rely and share the same system and which cannot switch back to manual processes,” says Raymond Hogendoorn, Global Head of Property and Engineering Claims at AGCS. Global results largely mirrors India’s, with Climate change (#7 with 17%) also moving up the rankings vis-à-vis the previous year, though not as drastically as India, a reflection of how the effects of global warming have been more severely felt closer to home. Changes in legislation and regulation (#3 with 27%) rounds up the top 3 globally as businesses are increasingly concerned over the US-China trade war and Brexit. “The Allianz Risk Barometer 2020 highlights that cyber risk and climate change are two significant challenges that companies need to watch closely in the new decade,” says Joachim Müller, CEO of AGCS. “Of course, there are many other damage and disruption scenarios to contend with but if corporate boards and risk managers fail to address cyber and climate change risks this will likely have a critical impact on their companies’ operational performance, financial results and reputation with key stakeholders. Preparing and planning for cyber and climate change risks is both a matter of competitive advantage and business resilience in the era of digitalization and global warming.