Business interruption and protectionism accompanied cyber risk on the German insurer’s risk barometer, as well as natural catastrophe risks – since last year’s outsize losses

Cyber claims

Cyber risk is the most important business type of business threat in the UK, according to risk experts polled in Allianz’s Risk Barometer report for 2018.

Potential “cyber hurricane” events and tougher data protection rules shape cyber risk environment for the year-ahead, noted Allianz.

Crisis response is “crucial for mitigation”, continued the German insurance firm.

Business interruption ranked as the top threat for companies globally, according to more than 1,900 risk experts from 80 countries polled.

Closely linked to cyber-attack trends, business interruption’s top ranking was due to the “evolving nature of risk, and rise in cyber-related incidents”, according to Allianz.

“For the first time, business interruption and cyber risk are neck-and-neck in the Allianz Risk Barometer and these risks are increasingly interlinked,” says Chris Fischer Hirs, CEO of Allianz Global Corporate & Specialty’s (AGCS).

“Whether resulting from attacks such as WannaCry, or more frequently, system failures, cyber incidents are now a major cause of business interruption for today’s networked companies whose primary assets are often data, service platforms or their groups of customers and suppliers,” he added.

Cyber risk continued its upward trend globally in the Allianz Risk Barometer, from 15 five years ago to second globally in 2018.

Climbing the UK ranking to second were political uncertainties: changes in legislation and regulation, including concerns around Brexit and new trade barriers and protectionism, rose three places to rank second.

Record-breaking insurance losses in 2017 pushed natural catastrophes and climate change up the risk agenda, observed Allianz.

Business leaders were also worried about so-called emerging risks, including liabilities arising from new technologies.

“Risk managers face a highly complex and volatile environment of both traditional business risks and new technology challenges in future,” said Fischer Hirs.

Allianz described a cyber hurricane – which topped the UK ranking – as hackers disrupting “large numbers of companies through common internet infrastructure dependencies”, adding that such attacks are increasingly common.

“Every company has been, or will be impacted by cyber risk. Far from being over-hyped, the threat is under-appreciated and not always well understood,” according to AGCS’s UK CEO, Brian Kirwan.

“With an increase in the demand for our cyber risk products and in the volume of claims, it’s no surprise to see cyber as the top risk again for businesses in the UK,” he continued.

“Meanwhile, the challenging macro-economic environment, uncertainty around Brexit, new barriers to trade, growing economic and financial balkanization and threat of terrorism will continue to drive up volatility. We need to adapt to the evolving landscape to help our clients understand, manage and protect against these complex risks in 2018,” Kirwan added.

The introduction of the EU’s General Data Protection Regulation (GDPR) in May 2018 will intensify cyber risk scrutiny further, bringing the prospect of more, and larger, fines for businesses watchdogs consider non-compliant.

“Compared to the US where privacy laws have been strict for decades and cyber security and privacy regulation is continuously evolving, firms in Europe now also have to prepare for tougher liabilities and notification requirements,” says AGCS’s global head of cyber, Emy Donavan.

Many businesses will quickly realize that privacy issues can create hard costs once the GDPR is fully implemented,” Donavan said.

“Past experience has shown that a company’s response to a cyber crisis, such as a breach, has a direct impact on the cost, as well as on a company’s reputation and market value. This will become even more the case under the GDPR,” she added.

Last week, insurance broker and risk advisor Aon suggested chief risk officers were “centre stage” in talks on managing cyber risk.