Risk managers worldwide say cyber is the biggest business risk today
Around one-third of risk management experts say cyber is the biggest risk. Business interruption followed closely behind.
Ransomware attacks, data breaches, IT breakdowns and other digital risks rank as the top business risk for the second consecutive year, according to Allianz Global Corporate & Specialty’s (AGCS) Risk Barometer, which surveys more than 2,700 risk management experts in 94 countries.
Scott Sayce, global head of cyber at AGCS and group head of the Cyber Center of Competence, said tension from the war in Ukraine and wider geopolitical problems are changing the cyber-risk environment and increasing the possibility of large-scale cyberattacks.
“The frequency of ransomware attacks remains high, with losses increasing as criminals hone their tactics to extort more money, while the average cost of a data breach is at an all-time high,” Sayce explained in the Risk Barometer report. “At the same time, attacks are not just restricted to large companies, increasingly we see more small and midsize businesses impacted. Then, there is also a growing shortage of cyber security professionals, which brings challenges when it comes to improving security.”
Slightly more than a third of respondents said cyber was the biggest risk, just ahead of business interruption. However, the former influences the latter, AGCS found. In addition to being the risk small companies fear most, cyber incidents are also the cause of business interruption companies are most afraid of.
Malicious attacks, human error and technical glitches can all result in business interruptions. AGCS reported business interruption is the biggest cost in 57% of cyber-related claims submitted globally during the past five years. Further, business interruption is seen as a significant driver of rising claims severity.
Cyber-related business interruptions are also becoming more prevalent as businesses across industry sectors push for more digitization, according to Marianna Grammatika, regional head of risk consulting at AGCS.
“Digital risks are intangible, often not well understood and can be difficult to quantify. While the drive to have more efficient processes is positive, companies need to implement technology with the right balance of protection against cost,” Grammatika said in the report.
With heightened sensitivity to data privacy and a slew of related regulations globally, data breach events are the cyber risk companies worry about the most. In addition to negative publicity and litigation, these incidents can lead to fines, penalties and notification costs. AGCS reported the average data breach cost $4.35 million in 2022, an all-time high. That average is expected to surpass $5 million this year.
Ransomware ranked as the second biggest cyber risk, according to the survey, as the worldwide frequency of attacks and claims costs remain high. AGCS reported that double and triple extortion attacks are now common.
Related: