WATCH: Highest risk for SA businesses are cyber attacks survey says
DURBAN - Cyber incidents (46% of responses) ranks as the most important business risk in South Africa for the fourth time since the launch of survey in the country in 2016 and for the first time globally in the ninth Allianz Risk Barometer 2020, relegating perennial top peril at a global level, Business interruption (BI) (40% of responses) to second place.
Cyber incidents ranked number one in 2016, 2017 and 2018 in South Africa. Awareness of the cyber threat has grown rapidly in recent years, driven by companies’ increasing reliance on data and IT systems and a number of high-profile incidents. Seven years ago, it ranked only 15th with just 6 percent of responses.
Changes in legislation and regulation (#3 with 29 percent) and Climate change (#6 with 19 percent) are the biggest climbers globally underlining the US-China trade war, Brexit and global warming as increasing concerns for companies and nations including South Africa. The annual survey on global business risks from Allianz Global Corporate & Specialty (AGCS) incorporates the views of a record 2718 experts in over 100 countries including Chief Executives, risk managers, brokers and insurance experts.
"The Allianz Risk Barometer 2020 highlights that cyber risk and climate change are two significant challenges that companies need to watch closely in the new decade. Of course, there are many other damage and disruption scenarios to contend with, but if corporate boards and risk managers fail to address cyber and climate change risks this will likely have a critical impact on their companies’ operational performance, financial results and reputation with key stakeholders. Preparing and planning for cyber and climate change risks is both a matter of competitive advantage and business resilience in the era of digitalization and global warming," said Joachim Müller, Chief Executive of AGCS
Cyber risks continue to evolve
In addition to being the top risk in South Africa and globally, Cyber incidents is among the top three risks in: Austria, Belgium, France, India, South Korea, Spain, Sweden, Switzerland, the UK and the US it also ranks as the top business risk. Businesses face the challenge of larger and more expensive data breaches, an increase in ransomware and spoofing incidents, as well as the prospect of privacy-driven fines or litigation after an event. A mega data breach ─ involving more than one million compromised records ─ now costs on average $42mn, up 8 percent year-on-year.
"Incidents are becoming more damaging, increasingly targeting large companies with sophisticated attacks and hefty extortion demands. Five years ago, a typical ransomware demand would have been in the tens of thousands of dollars. Now they can be in the millions," said Marek Stanislawski, Deputy Global Head of Cyber, AGCS.
Extortion demands are just one part of the picture: Companies can suffer major BI losses due to the unavailability of critical data, systems or technology, either through a technical glitch or cyber-attack. "Many incidents are the results of human error and can be mitigated by staff awareness trainings which are not yet a routine practice across companies," said Stanislawski.
Business interruption – an undiminished threat with new causes
After seven years at the top globally and just over a year as a top risk in South Africa, BI drops to the second position in the Allianz Risk Barometer. However, the trend for larger and more complex BI losses continues unabated. Causes are becoming ever more diverse, ranging from critical infrastructure blackouts such as load shedding, fire, explosion or natural catastrophes to digital supply chains or even political violence.
"Digital supply chains and platforms today allow for full transparency and traceability of goods but a fire at a data center, a technical glitch or a hack could bring large BI losses for multiple companies that all rely and share the same system and which cannot switch back to manual processes," said Raymond Hogendoorn, Global Head of Property and Engineering Claims at AGCS.
Businesses are also increasingly exposed to the direct or indirect impact of riots, civil unrest or terrorism attacks. The past year has seen escalations in Hong Kong, Chile, Bolivia, Colombia and France, resulting in property damage, BI and general loss of income for both local and multinational companies as shops closed for months, customers and tourists stayed away or employees couldn’t access their workplace due to safety concerns. Xenophobic attacks which happened in September last year affected businesses in South Africa and in Nigeria.
Changes in legislation and regulation retains third spot in the Allianz Risk Barometer in South Africa. Tariffs, sanctions, Brexit and protectionism were cited as key concerns. Around 1,300 new trade barriers were implemented in 2019 alone. The US-China trade dispute has brought the US average tariff close to levels last seen in the 1970s.
"Trade policy is becoming just another political tool for many different policy ends, such as economic diplomacy, geopolitical influence or environmental policy," said Ludovic Subran, Chief Economist of Allianz.
He added, "This activism is not restricted to the US: it has spread to Japan and South Korea, India and the EU".
New regulatory challenges in the next decade will focus on environmental impact, de-carbonization and climate change.
"EU sustainability regulation is nothing less than a game changer. The impact on corporates will be as wide-ranging as that of the new rules on accounting and data protection were in the past," said Subran.
Planned laws that businesses in South Africa need to ponder about include: land expropriation without compensation, climate change bill, nationalisation of the South African Reserve Bank and National Health Insurance Bill (NHI).
Critical infrastructure blackouts (load shedding) (23 percent) and Macroeconomic developments (17 percent) are new entrants to the top 10 as they are directly linked.
"South Africa is experiencing short-lived boom bust cycles. The power issue is the main trigger since the output capacity constraint is increasingly binding. This led to the downside in Q3. Along with lower access to power, energy-intensive sectors such as mining, manufacturing, construction and transport contracted. As a result, GDP growth should remain very low, since a solution to the overall power issue has not been found yet," said Stéphane Colliac Senior Economist for France and Africa at Euler Hermes.
Climate change brings added risk complexity
Climate change rises to its highest-ever position of sixth in South Africa (and seventh globally) in the Allianz Risk Barometer and is already in the top three business risks for the Asia-Pacific region overall, driven by risk management experts in countries and territories such as Australia, Hong Kong, India and Indonesia. An increase in physical losses is the exposure businesses fear most (49 percent of responses) as rising seas, drier droughts, fiercer storms and massive flooding pose threats to factories and other corporate assets, as well as transport and energy links that tie supply chains together. Further, businesses are concerned about operational impacts (37 percent), such as relocation of facilities, and potential market and regulatory impacts (35 percent and 33 percent). Companies may have to prepare for more litigation in future – climate change cases targeting ‘carbon majors’ have already been brought in 30 countries around the world, with most cases filed in the US.
"There is a growing awareness among companies that the negative effects of global warming above two degrees Celsius will have a dramatic impact," said Chris Bonnet, Head of ESG Business Services at AGCS.
Bonnet added, "Failure to take action will trigger regulatory action and influence decisions from customers, shareholders and business partners. Ignoring climate risk is more costly than grappling with it. Therefore, every company has to define its role, stance and pace for its climate change transition – and risk managers need to play a key role in this process alongside other functions".
BUSINESS REPORT ONLINE