Allianz Global Corporate & Specialty

Press release

Allianz Risk Barometer: Business interruption and cyber incidents dominate risk landscape for companies of all sizes and sectors in 2018

• Evolving nature of risk, and rise in cyber-related incidents, means business interruption ranks as top threat for companies globally, according to 1,900+ risk experts from 80 countries
• Potential “cyber hurricane” events and tougher data protection rules shape cyber risk environment for year-ahead. Crisis response crucial for mitigation
• Record-breaking losses push natural catastrophes and climate change up risk agenda
• Businesses worry about emerging risks and liabilities arising from new technologies

London, New York, Munich, Singapore, January 16, 2018: They take aim at the backbone of the connected economy and, when they strike, can jeopardize the success, or even the existence, of companies of every size and sector. Business interruption (# 1 with 42% of responses / # 1 in 2017) and Cyber incidents (# 2 with 40% of responses, up from # 3 in 2017) are this year’s top business risks globally, according to the Allianz Risk Barometer 2018.

Larger losses from natural catastrophes (# 3 with 30% of responses, up from # 4 in 2017) are also a rising concern for businesses, with the record-breaking 2017 disaster year also ensuring Climate change and increasing volatility of weather (# 10) appears in the top 10 most important risks for the first time. Meanwhile, the risk impact of New technologies (# 7 2018 / # 10 2017) is one of the biggest climbers, as companies recognize innovations such as artificial intelligence or autonomous mobility could create new liabilities and larger-scale losses, as well as opportunities, in future. Conversely, businesses are less worried about Market developments (# 4 2018 / # 2 2017) than 12 months ago.

These are the key findings of the seventh Allianz Risk Barometer, which is published annually by Allianz Global Corporate & Specialty (AGCS).The 2018 report is based on the insight of a record 1,911 risk experts from 80 countries.

“For the first time, business interruption and cyber risk are neck-and-neck in the Allianz Risk

Barometer and these risks are increasingly interlinked,” says Chris Fischer Hirs, Chief Executive Officer, AGCS. “Whether resulting from attacks such as WannaCry, or more frequently, system failures, cyber incidents are now a major cause of business interruption for today’s networked companies whose primary assets are often data, service platforms or their groups of customers and suppliers. However, last year’s severe natural disasters remind us that the impact of perennial perils shouldn’t be underestimated either. Risk managers face a highly complex and volatile environment of both traditional business risks and new technology challenges in future.”

New business interruption triggers emerging

Business interruption (BI) is the most important risk for the sixth year in a row, ranking top in 13 countries and the Europe, Asia Pacific, and Africa & Middle East regions. No business is too small to be impacted. Companies face an increasing number of scenarios, ranging from traditional exposures, such as fire, natural disasters and supply chain disruption, to new triggers stemming from digitalization and interconnectedness that typically come without physical damage, but with high financial loss. Breakdown of core IT systems, terrorism or political violence events, product quality incidents or an unexpected regulatory change can bring businesses to a temporary or prolonged standstill with a devastating effect on revenues.

For the first time, cyber incidents also rank as the most feared BI trigger, according to businesses and risk experts, with BI also considered the largest loss driver after a cyber incident. Cyber risk modeler Cyence, which partners with AGCS and is now part of Guidewire Software, estimates that the average cost impact of a cloud outage lasting more than 12 hours for companies in the financial, healthcare and retail sectors could total $850 mn in North America and $700 mn in Europe.

BI also ranks as the second most underestimated risk in the Allianz Risk Barometer.

“Businesses can be surprised about the actual cause, scope and financial impact of a disruption and underestimate the complexity of ‘getting back to business’. They should continuously fine tune their emergency and business continuity plans to reflect the new BI environment and adequately consider the rising cyber BI threat,” says Volker Muench, Global Property and BI expert, AGCS.

Cyber risks continue to evolve

Cyber incidents continues its upward trend in the Allianz Risk Barometer. Five years ago it ranked # 15. In 2018 it is # 2. Multiple threats such as data breaches, network liability, hacker attacks or cyber BI, ensure it is the top business risk in 11 surveyed countries and the Americas region and # 2 in Europe and Asia Pacific. It also ranks as the most underestimated risk and the major long-term peril.

Recent events such as the WannaCry and Petya ransomware attacks brought significant financial losses to a large number of businesses. Others, such as the Mirai botnet, the largestever distributed denial of service (DDoS) attack on major internet platforms and services in Europe and North America, at the end of 2016, demonstrate the interconnectedness of risks and shared reliance on common internet infrastructure and service providers. On an individual level, recently identified security flaws in computer chips in nearly every modern device reveal the cyber vulnerability of modern societies. The potential for so-called “cyber hurricane” events to occur, where hackers disrupt larger numbers of companies by targeting common infrastructure dependencies, will continue to grow in 2018.

Meanwhile, privacy risk is back in the spotlight following huge data breaches in the US. The introduction of the General Data Protection Regulation (GDPR) across Europe in May 2018 will intensify scrutiny further, bringing the prospect of more, and larger, fines for businesses who do not comply. Time is running out to be GDPR-ready. “Compared to the US where privacy laws have been strict for decades and cyber security and privacy regulation is continuously evolving, firms in Europe now also have to prepare for tougher liabilities and notification requirements. Many businesses will quickly realize that privacy issues can create hard costs once the GDPR is fully implemented,” says AGCS’s Global Head of Cyber, Emy Donavan. “Past experience has shown that a company’s response to a cyber crisis, such as a breach, has a direct impact on the cost, as well as on a company’s reputation and market value. This will become even more the case under the GDPR.”

Cyber threats also vary according to company size or industry. “Small companies are likely to be crippled if hit with a ransomware attack, while larger firms are targets of a greater range of threats, such as the DDoS attacks which can overwhelm systems,” says Donavan.

Allianz Risk Barometer results show that awareness of the cyber threat is soaring among small- and medium-sized businesses, with a significant jump from # 6 to # 2 for small companies and from # 3 to # 1 for medium-sized companies. With regard to sector exposure, cyber incidents rank top in the Entertainment & Media, Financial Services, Technology and Telecommunications industries.

Weather and technology risk on the rise

After a record-breaking $135 bn in insured losses from natural catastrophes alone in 2017^[1] – the highest ever – driven by hurricanes Harvey, Irma and Maria in the United States and the Caribbean, Natural catastrophes returns to the top three business risks globally. “The impact of natural catastrophes goes far beyond the physical damage to structures in the affected areas. As industries become leaner and more connected, natural catastrophes can disrupt a large variety of sectors that might not seem directly affected at first glance around the world,” says Ali Shahkarami, Head of Catastrophe Risk Research, AGCS.

Respondents fear 2017 could be a harbinger of increasing intensity and frequency of natural hazards. Climate change/increasing weather volatility is a new entrant in the Risk Barometer top 10 in 2018 and the loss potential for businesses is further exacerbated by rapid urbanization in coastal areas.

Meanwhile, the risk impact of New technologies is one of the big movers in the Allianz Risk Barometer, up to # 7 from # 10. It also ranks as the second top risk for the long-term future after cyber incidents, with which it is closely interlinked. Vulnerability of automated or even autonomous or self-learning machines to failure or malicious cyber acts, such as extortion or espionage, will increase in future and could have a significant impact if critical infrastructure, such as IT networks or power supply, are involved.

“Although there may be fewer smaller losses due to automation and monitoring minimizing the human error factor, this may be replaced by the potential for large-scale losses, once an incident happens,” explains Michael Bruch, Head of Emerging Trends, AGCS. “Businesses also have to prepare for new risks and liabilities as responsibilities shift from human to machine, and therefore to the manufacturer or software supplier. Assignment and coverage of liability will become much more challenging in future.”

Main contents page:  http://www.agcs.allianz.com/insights/white–papers–and–case–studies/allianz–risk–barometer–2018/

English version of the report:

http://www.agcs.allianz.com/assets/PDFs/Reports/Allianz_Risk_Barometer_2018_EN.pdf

Appendix document

http://www.agcs.allianz.com/assets/PDFs/Reports/Allianz_Risk_Barometer_2018_APPENDIX.pdf

Video:  http://www.agcs.allianz.com/insights/videos/

Press contacts

About Allianz Global Corporate & Specialty

Allianz Global Corporate & Specialty (AGCS) is the Allianz Group’s dedicated carrier for corporate and specialty insurance business. AGCS provides insurance and risk consultancy across the whole spectrum of specialty, alternative risk transfer and corporate business: Marine, Aviation (incl. Space), Energy, Engineering, Entertainment, Financial Lines (incl. D&O), Liability, Mid-Corporate and Property insurance (incl. International Insurance Programs).

Worldwide, AGCS operates in 32 countries with own units and in over 210 countries and territories through the Allianz Group network and partners. In 2016, it employed around 5,000 people and provided insurance solutions to more than three quarters of the Fortune Global 500 companies, writing a total of €7.6 billion gross premium worldwide annually.

AGCS SE is rated AA by Standard & Poor’s and A+ by A.M. Best.

For more information please visit www.agcs.allianz.com or follow us on Twitter @AGCS_Insurance LinkedIn and Google+.

Forward-looking statementsThe statements contained herein may include prospects, statements of future expectations and other forward-looking statements that are based on management’s current views and assumptions and involve known and unknown risks and uncertainties. Actual results, performance or events may differ materially from those expressed or implied in such forward-looking statements.

Such deviations may arise due to, without limitation, (i) changes of the general economic conditions and competitive situation, particularly in the Allianz Group’s core business and core markets, (ii) performance of financial markets (particularly market volatility, liquidity and credit events) (iii) frequency and severity of insured loss events, including from natural catastrophes, and the development of loss expenses, (iv) mortality and morbidity levels and trends, (v) persistency levels, (vi) particularly in the banking business, the extent of credit defaults, (vii) interest rate levels, (viii) currency exchange rates including the Euro/U.S. Dollar exchange rate, (ix) changes in laws and regulations, including tax regulations, (x) the impact of acquisitions, including related integration issues, and reorganization measures, and (xi) general competitive factors, in each case on a local, regional, national and/or global basis. Many of these factors may be more likely to occur, or more pronounced, as a result of terrorist activities and their consequences.

No duty to update

The company assumes no obligation to update any information or forward-looking statement contained herein, save for any information required to be disclosed by law.

[1] Munich Re NatCatSERVICE