Cyber perils are the biggest concern for companies globally in 2022, according to the Allianz Risk Barometer. The threat of ransomware attacks, data breaches or major IT outages worries companies even more than business and supply chain disruption, natural disasters or the COVID-19 pandemic, all of which have heavily affected firms in the past year.
Cyber incidents tops the Allianz Risk Barometer for only the second time in the survey’s history (44% of responses), Business interruption drops to a close second (42%) and Natural catastrophes ranks third (25%), up from sixth in 2021. Climate change climbs to its highest-ever ranking of sixth (17%, up from ninth), while Pandemic outbreak drops to fourth (22%).
The annual survey incorporates the views of 2,650 experts in 89 countries and territories, including CEOs, risk managers, brokers and insurance experts. View the full global and country risk rankings.
“’Business interrupted’ will likely remain the key underlying risk theme in 2022,” AGCS CEO Joachim Mueller summarizes. “For most companies the biggest fear is not being able to produce their products or deliver their services. 2021 saw unprecedented levels of disruption, caused by various triggers. Crippling cyber-attacks, the supply chain impact from many climate change-related weather events, as well as pandemic-related manufacturing problems and transport bottlenecks wreaked havoc. This year only promises a gradual easing of the situation, although further COVID-19-related problems cannot be ruled out. Building resilience against the many causes of business interruption is increasingly becoming a competitive advantage for companies.”
In the United States, BI (50%) retains its top spot followed by Cyber incidents (37%) and Natural catastrophes (35%).
Ransomware drives cyber concerns while awareness of BI vulnerabilities grows
Cyber incidents ranks as a top three peril in most countries surveyed. The main driver is the recent surge in ransomware attacks, which are confirmed as the top cyber threat for the year ahead by survey respondents (57%). Recent attacks have shown worrying trends such as ‘double extortion’ tactics combining the encryption of systems with data breaches; exploiting software vulnerabilities which potentially affect thousands of companies (for example, Log4J, Kaseya) or targeting physical critical infrastructure (the Colonial Pipeline in the US).
Cyber security also ranks as companies’ major environmental, social and governance (ESG) concern with respondents acknowledging the need to build resilience and plan for future outages or face the growing consequences from regulators, investors and other stakeholders.
“Ransomware has become a big business for cyber criminals, who are refining their tactics, lowering the barriers to entry for as little as a $40 subscription and little technological knowledge. The commercialization of cyber crime makes it easier to exploit vulnerabilities on a massive scale. We will see more attacks against technology supply chains and critical infrastructure,” explains Scott Sayce, Global Head of Cyber at AGCS.
Business interruption (BI) ranks as the second most concerning risk. In a year marked by widespread disruption, the extent of vulnerabilities in modern supply chains and production networks is more obvious than ever. According to the survey, the most feared cause of BI is cyber incidents, reflecting the rise in ransomware attacks but also the impact of companies’ growing reliance on digitalization and the shift to remote working. Natural catastrophes and pandemic are the two other important triggers for BI in the view of respondents.
In the past year, post-lockdown surges in demand have combined with disruption to production and logistics, as COVID-19 outbreaks in Asia closed factories and caused record congestion levels in container shipping ports. Pandemic-related delays compounded other supply chain issues, such as the Suez Canal blockage or the global shortage of semiconductors after plant closures in Taiwan, Japan and Texas from weather events and fires.
“The pandemic has exposed the extent of interconnectivity in modern supply chains and how multiple unrelated events can come together to create widespread disruption. For the first time the resilience of supply chains has been tested to breaking point on a global scale,” says Philip Beblo, Property Industry Lead, Technology, Media and Telecoms, at AGCS.
According to the recent Euler Hermes Global Trade Report, the COVID-19 pandemic will likely drive high levels of supply chain disruption into the second half of 2022, although mismatches in global demand and supply and container shipping capacity are eventually predicted to ease, assuming no further unexpected developments.
Awareness of BI risks is becoming an important strategic issue across entire companies. “There is a growing willingness among top management to bring more transparency to supply chains with organizations investing in tools and working with data to better understand the risks and create inventories, redundancies and contingency plans for business continuity,” says Maarten van der Zwaag, Global Head of Property Risk Consulting at AGCS.
Pandemic preparations improve. Next up – making businesses more weatherproof
Pandemic outbreak remains a major concern for companies but drops from second to fourth position (although the survey predated the emergence of the Omicron variant). While the COVID-19 crisis continues to overshadow the economic outlook in many industries, encouragingly, businesses do feel they have adapted well. The majority of respondents (80%) think they are adequately or well-prepared for a future incident. Improving business continuity management is the main action companies are taking to make them more resilient.
The rise of Natural catastrophes and Climate change to third and sixth position respectively is telling, with both upwards trends closely related. Recent years have shown the frequency and severity of weather events are increasing due to global warming. For 2021, global insured catastrophe losses were well in excess of $100bn – the fourth highest year on record. Hurricane Ida in the US may have been the costliest event, but more than half of the losses came from so-called secondary perils such as floods, heavy rain, thunderstorms, tornados and even winter freezes, which can often be local but increasingly costly events.
Examples included Winter Storm Uri in Texas, the low-pressure weather system Bernd, which triggered catastrophic flooding in Germany and Benelux countries, the heavy flooding in Zhengzhou, China, and heatwaves and bushfires in Canada and California.
Respondents are most concerned about climate-change related weather events causing damage to corporate property (57%), followed by BI and supply chain impact (41%). However, they are also worried about managing the transition of their businesses to a low-carbon economy (36%), fulfilling complex regulation and reporting requirements and avoiding potential litigation risks for not adequately taking action to address climate change (34%).
“The pressure on businesses to act on climate change has increased noticeably over the past year, with a growing focus on net-zero contributions,” observes Line Hestvik, Chief Sustainability Officer at Allianz SE. “There is a clear trend for companies towards reducing greenhouse gas emissions in operations or exploring business opportunities for climate-friendly technologies and sustainable products. In the coming years, many corporate decision-makers will be looking even more closely at the impact of climate risks in their value chain and taking appropriate precautions. Many companies are building up dedicated competencies around climate risk mitigation, bringing together both risk management and sustainability experts.”
Businesses also have to become more weatherproof against extreme events such as hurricanes or flooding. “Previous once-in-a-century-events may well occur more frequently in future and also in regions which were considered ‘safe’ in the past. Both buildings and business continuity planning need to become more robust in response,” says van der Zwaag.
Other risers and fallers
- Shortage of skilled workforce (13%) is a new entry in the top 10 risks at number nine. Attracting and retaining workers has rarely been more challenging. Respondents rank this as a top five risk in the engineering, construction, real estate, public service and healthcare sectors, and as the top risk for transportation.
- Changes in legislation and regulation remains fifth (19%). Prominent regulatory initiatives on companies’ radars in 2022 include anti-competitive practices targeting big tech, as well as sustainability initiatives with the EU taxonomy scheme.
- Fire and explosion (17%) is a perennial risk for companies, ranking seventh as in last year’s survey, while Market developments (15%) falls from fourth to eighth year-on-year and Macroeconomic developments (11%) falls from eighth to 10th.