Cyber is now a top threat for business, ranked alongside the closely related risk of business interruption, according to the Allianz Risk Barometer 2019.
The annual survey, which polls over 2,400 risk professionals from 86 countries, ranked cyber as the top risk for business, tied with business interruption and up from second place in the 2018 report. According to Allianz, cyber risk is now a core concern for
global businesses – it was marked as the single biggest risk for the aerospace, media, financial, professional services, technology and telecom sectors.
The insurer says its clients now view cyber on par with major traditional exposures, like natural catastrophes, fire and explosion. Allianz estimates the average insured loss from a cyber incident is now EUR 2 million, more than the EUR 1.5 million average insured loss from a fire/explosion incident, while losses from major events can be in the hundreds of millions or higher.
The report notes cyber crime now costs an estimated USD 600 billion a year, almost three times the 10-year average economic loss from natural catastrophes of USD 208 billion.
Cyber incidents are increasingly likely to spark litigation, including securities and consumer class actions, while data breaches or IT outages can generate large third party liabilities as affected customers or shareholders seek to recoup losses from companies.
Increasingly, cyber incidents are accompanied by business interruption (BI) losses. In fact, cyber incidents rank as the BI trigger most feared by businesses, while cyber is seen as the second biggest cause of financial loss for businesses after a BI incident, the
BI loss scenarios are becoming ever more diverse and complex in a globally connected economy, according to the report. Significantly, cyber and BI risks are increasingly interlinked, as ransomware attacks or accidental IT outages often result in disruption of operations and services costing hundreds of millions of dollars.
Given that BI and cyber are driving some of the biggest exposures for businesses in today’s networked society, Allianz urges companies to plan for a wide range of disruptive scenarios and triggers. Disruptive risks can be physical or virtual, such as an IT outage, and can occur through malicious and accidental means.
They can stem from their own operations, but also from a company’s suppliers, customers or IT service providers, the insurer says.
Just weeks before the Allianz report was published, a cyber attack caused major printing and delivery disruptions for a number of US newspapers.
The malware attack led to delayed distribution of The Los Angeles Times, Chicago Tribune, Baltimore Sun and other titles belonging to Tribune Publishing that share the same print facility. The company said it first detected the malware on Friday, and had to rely on “workaround systems” several days after the attack.
Insurers have seen a growing number of BI losses triggered by cyber incidents, with industry claims exceeding USD 100 million, according to Allianz. BI losses, for example, were a hallmark of the WannaCry and NotPetya malware attacks in 2017, which disrupted shipping, logistics and manufacturing companies.
However, Allianz notes that many incidents are the result of technical glitches or human error, rather than malicious acts. Analysis conducted by the UK’s financial services regulator revealed a 138% increase in technology outages over a year, but just 18% of reported incidents were cyber attacks.
Reliance on IT service providers – such as cloud services, online booking platforms and supply chain systems – also brings potential contingent business interruption (CBI) exposures, according to the report.
A software glitch at network equipment provider Ericsson disrupted services for millions of mobile phone customers in Europe and Japan in 2018. In 2017, a four hour outage at Amazon’s AWS cloud computing division impacted internet services, websites and other businesses.
Companies lost approximately USD 150 million as a result, yet longer outages could see losses much closer to a billion dollars, Allianz says.
Download Cyber Decoder
For more information, please contact Shannon Groeber, Senior Vice President, Cyber / Errors & Omissions Practice on 215.309.4495