The Allianz Risk Barometer 2018 report reveals that cyber incidents remain a top threat with 38% of responses for a third year in a row for South African businesses. Business interruption (BI) second at 34%, and changes in legislation and regulation is in third place at 29%/ number 5 in 2017.
These are the key findings of the seventh Allianz Risk Barometer, which is published annually by Allianz Global Corporate & Specialty (AGCS).The 2018 report is based on the insight of a record 1,911 risk experts from 80 countries.
The report unveils two new SA business threats that have emerged as part of the top 10 list, which are climate change/increasing volatility of weather and loss of reputation or brand value, both at 16% both at number 8. These new threats are not surprising, especially given the extreme weather patterns that have resulted in frequent droughts and floods affecting the country.
Market developments as a threat has slightly declined to fourth place at 23% from number 3 in 2019 regardless of prevailing political uncertainly and a difficult business environment.
Fire, explosion and new technologies in sixth place are both at 19% proving this is still a concern as South Africa was plagued with incidents of large fires at Durban Harbour, Braampark and Knysna. Macroeconomic developments (13% of responses) slid a staggering jump of seven places to number 10 on the list.
“Although, cyber awareness has significantly increased, particularly among small and medium sized businesses, it is more challenging for these enterprises to tackle this issue compared to larger corporations”
Multiple threats such as data breaches, network liability, hacker attacks or cyber BI, ensure it is the top business risk in South Africa and 10 other surveyed countries and the Americas region and number 2 in Europe and Asia Pacific.
It also ranks as the most underestimated risk and the major long-term peril. Cyber incidents through events such as WannaCry and Petya ransomware attacks brought significant financial losses to a large number of businesses. South African businesses were not left unscathed.
In October last year, more than 30 million South Africans’ personal information was exposed online in what is considered country’s biggest data breach. The potential for so-called “cyber hurricane” events to occur, where hackers disrupt larger numbers of companies by targeting common infrastructure dependencies, will continue to grow in 2018.
“South Africa is reported to have the third highest number of cybercrime victims worldwide, losing billions of Rands a year to cyber attacks and experiencing more cyber attacks than its African counterparts. Although, cyber awareness has significantly increased, particularly among small and medium sized businesses, it is more challenging for these enterprises to tackle this issue compared to larger corporations,” says Nobuhle Nkosi Cyber Insurance Expert at AGCS Africa.
Allianz Risk Barometer results show that awareness of the cyber threat is soaring among small- and medium-sized businesses, with a significant jump from # 6 to # 2 for small companies and from # 3 to # 1 for medium-sized companies. With regard to sector exposure, cyber incidents rank top in the Entertainment & Media, Financial Services, Technology and Telecommunications industries.
Cyber risk and business interruption have been neck-and-neck in South Africa for the past three years increasingly demonstrating a strong interlink between the two.
“Businesses in South Africa are deeply concerned about the impact of business interruption, which could result from traditional exposures, such as fire, natural disasters and supply chain disruption, to new triggers stemming from digitalization and interconnectedness that typically come without physical damage, but with high financial loss. Breakdown of core IT systems, terrorism or political violence events, product quality incidents or an unexpected regulatory change can bring businesses to a temporary or prolonged standstill with a devastating effect on revenues,” says AGCS Africa CEO Thusang Mahlangu.
BI can have a tremendous effect on a company’s revenues. Yet its impact is one of the hardest risks to measure. It is also the most important risk for the sixth year in a row globally, ranking top in 13 countries in Europe, Asia Pacific, and Africa & Middle East regions.
“No business is too small to be impacted,” explains Mahlangu, “A severe interruption can even have a terminal impact, particularly for smaller companies. But as many businesses transition from being rich in physical assets to deriving more value from intangibles and services, increasingly, BI is being triggered by non-traditional risk exposures which don’t cause physical damage but result in lost income – so-called nondamage business interruption (NDBI).”
“As industries become leaner and more connected, natural catastrophes can disrupt a large variety of sectors that might not seem directly affected at first glance”
Natural catastrophes moved from 7th position to 4th and also returned to the top three business risks globally. “The impact of natural catastrophes goes far beyond the physical damage to structures in the affected areas. As industries become leaner and more connected, natural catastrophes can disrupt a large variety of sectors that might not seem directly affected at first glance around the world,” says Ali Shahkarami, Head of Catastrophe Risk Research, AGCS.
Respondents fear 2017 could be a harbinger of increasing intensity and frequency of natural hazards. Climate change/increasing weather volatility is a new entrant in the Risk Barometer top 10 in 2018 locally and globally and the loss potential for businesses is further exacerbated by rapid urbanization in coastal areas.
Meanwhile, the risk impact of new technologies is one of the big movers in the Allianz Risk Barometer, up to number 6 from 10. It also ranks as the second top risk for the long-term future after cyber incidents, with which it is closely interlinked. Vulnerability of automated or even autonomous or self-learning machines to failure or malicious cyber acts, such as extortion or espionage, will increase in future and could have a significant impact if critical infrastructure, such as IT networks or power supply, is involved.
“Although there may be fewer smaller losses due to automation and monitoring minimizing the human error factor, this may be replaced by the potential for large-scale losses, once an incident happens,” explains Michael Bruch, Head of Emerging Trends, AGCS. “Businesses also have to prepare for new risks and liabilities as responsibilities shift from human to machine, and therefore to the manufacturer or software supplier. Assignment and coverage of liability will become much more challenging in future.”