The Allianz Risk Barometer 2018 report reveals that cyber incidents remain a top threat with 38% of responses for a third year in a row for South African businesses. Business interruption (BI) second at 34%, and changes in legislation & regulation is in third place at 29%/ number 5 in 2017. These are the key findings of the seventh Allianz Risk Barometer, which was published on 16 January 2018 by Allianz Global Corporate & Specialty (AGCS). The 2018 report is based on the insight of a record 1,911 risk experts from 80 countries.
The report unveils two new South African business threats that have emerged as part of the top 10 list, which are climate change/ increasing volatility of weather and loss of reputation or brand value, both at 16% both at #8. These new threats are not surprising, especially given the extreme weather patterns that have resulted in frequent droughts and floods affecting the country.
Market developments as a threat has slightly declined to fourth place at 23% from number 3 in 2017 regardless of prevailing political uncertainly and a difficult business environment. Fire, explosion and new technologies are in sixth place and are both at 19% proving this is still a concern as South Africa was plagued with incidents of large fires at Durban Harbour, Braampark and Knysna. Macroeconomic developments (13% of responses) slid seven places to number 10 on the list.
Multiple threats such as data breaches, network liability, hacker attacks or cyber BI, ensure it is the top business risk in South African, as well as 10 other surveyed countries including the Americas region. It was number 2 in the Europe and Asia Pacific regions. It also ranks as the most underestimated risk and the major long-term peril. Cyber incidents through events such as WannaCry and Petya ransomware attacks brought significant financial losses to a large number of businesses. South African businesses were not left unscathed. In October last year, more than 30 million South Africans’ personal information was exposed online in what is considered country’s biggest data breach. The potential for so-called “cyber hurricane” events to occur, where hackers disrupt larger numbers of companies by targeting common infrastructure dependencies, will continue to grow in 2018.
“South Africa is reported to have the third highest number of cybercrime victims worldwide, losing billions of Rands a year to cyber attacks and experiencing more cyber attacks than its African counterparts. Although, cyber awareness has significantly increased, particularly among small and medium sized businesses, it is more challenging for these enterprises to tackle this issue compared to larger corporations,” says Nobuhle Nkosi Cyber Insurance Expert at AGCS Africa.
Allianz Risk Barometer results show that awareness of the cyber threat is soaring among small- and medium-sized businesses, with a significant jump from number 6 to number 2 for small companies and from number 3 to number 1 for medium-sized companies. With regard to sector exposure, cyber incidents rank top in the Entertainment & Media, Financial Services, Technology and Telecommunications industries.
Cyber risk and business interruption have been neck-and-neck in South Africa for the past three years increasingly demonstrating a strong interlink between the two. “Businesses in South Africa are deeply concerned about the impact of business interruption, which could result from traditional exposures, such as fire, natural disasters and supply chain disruption, to new triggers stemming from digitalisation and interconnectedness that typically come without physical damage, but with high financial loss. Breakdown of core IT systems, terrorism or political violence events, product quality incidents or an unexpected regulatory change can bring businesses to a temporary or prolonged standstill with a devastating effect on revenues,” says AGCS Africa CEO Thusang Mahlangu.
Natural catastrophes moved from number 7 to number 4 in South Africa and also returned to the top three business risks globally. “The impact of natural catastrophes goes far beyond the physical damage to structures in the affected areas. As industries become leaner and more connected, natural catastrophes can disrupt a large variety of sectors that might not seem directly affected at first glance around the world,” says Ali Shahkarami, Head of Catastrophe Risk Research, AGCS.
Meanwhile, the risk impact of new technologies is one of the big movers in the Allianz Risk Barometer, up to number 6 from number 10. It also ranks as the second top risk for the long-term future after cyber incidents, with which it is closely interlinked. Vulnerability of automated or even autonomous or self-learning machines to failure or malicious cyber acts, such as extortion or espionage, will increase in future and could have a significant impact if critical infrastructure, such as IT networks or power supply, is involved.
“Although there may be fewer smaller losses due to automation and monitoring minimising the human error factor, this may be replaced by the potential for large-scale losses, once an incident happens,” explains Michael Bruch, Head of Emerging Trends, AGCS. “Businesses also have to prepare for new risks and liabilities as responsibilities shift from human to machine, and therefore to the manufacturer or software supplier. Assignment and coverage of liability will become much more challenging in future.”