Worries about hackers and cyber attacks — not business rivals or encroaching red tape — are now most likely to keep CEOs awake at night.
Cyber incidents are considered the top risk to businesses globally, according to a survey of 2,718 executives across 100 countries, including CEOs, risk managers, brokers and insurance experts, with 39% listing this as their biggest worry.
Seven years ago, cyber ranked 15th on the business risk list, compiled by Allianz Global Corporate & Specialty (AGCS), with just 6% of respondents picking it.
Among the factors that have got executives worried in the last few years are ransomware costs, which are increasing rapidly, as are the costs of business email compromise attacks. And once the hackers have departed, businesses may face an extra costs in the form of expensive litigation from consumers or investors who have been affected by the outage or data breach.
Mergers and acquisition can also be the source of security threats. If a company buys a business with poor security or existing vulnerabilities, it could become liable for damage done before the merger, or find its own systems at risk.
“Incidents are becoming more damaging, increasingly targeting large companies with sophisticated attacks and hefty extortion demands. Five years ago, a typical ransomware demand would have been in the tens of thousands of dollars. Now they can be in the millions,” says Marek Stanislawski, deputy global head of cyber at AGCS.
Business interruption — the top worry for execs over the last seven years — drops to second place behind cyber. Interruptions can have a range of causes, from fire, explosion or natural catastrophes to digital supply chain failures or political violence. Changes in legislation and regulation ranks third, with tariffs, sanctions, Brexit and protectionism cited as key concerns. Around 1,300 new trade barriers were implemented in 2019 alone, the report said.
Climate change was considered the seventh biggest risk.
Concerns about cyber attacks were among the top three risks in Austria, Belgium, France, India, South Africa, South Korea, Spain, Sweden, Switzerland, the UK and the US. Concerns about cyber incidents took the top spot in the US (43%), followed by business interruption (37%) and natural catastrophes (32%).
Cyber attacks weren’t the only tech-generated concern for business, as ‘new technologies’ were also listed as a worry due to the risk that comes from the increasing utilization of artificial intelligence and reliance on third-party digital platforms like cloud computing.
“If a digital platform is unavailable due to a technical glitch or cyber event, the losses for multiple companies reliant on it could be in the hundreds of millions of dollars or higher if they cannot provide services or products,” the report said.
Many incidents are the result of human error, which can be mitigated by training: that can also help mitigate the risk of ransomware attacks, along with other basics like maintaining secure backups. “Business resilience and business continuity planning are also crucial although response plans need to be tested and regularly reviewed,” the report said.