Canadian Underwriter
News

Cyber risk vaults into Top 10, interconnectedness of risk underscores need for solid risk management: Aon survey


April 27, 2015   by Angela Stelmakowich, Editor


Print this page Share

NEW ORLEANS, La. – Cyber has entered the 2015 Global Risk Management Survey’s Top 10 global risks for the first time ever, demonstrating its emergence as a key risk factor for today’s business, reports Aon Risk Solutions, the global risk management business of Aon plc.

One of the biggest movers in the 2015 report was cyber risk, vaulting from 18 in Aon’s 2013 Global Risk Management Survey to nine in the 2015 report

Released Monday at the RIMS 2015 Annual Conference & Exhibition, the latest edition of the biennial survey contains analyses and detailed facts and figures gleaned from 1,418 organizations of all sizes and industry sectors from 70 countries. In all, 46% of respondents were from Europe, 33% from North America, 11% from Latin America, 9% from Asia Pacific and 1% from Middle East and Africa.

Organizations are facing daunting challenges “driven by both external and internal factors in today’s globally interdependent environment,” states the report detailing survey findings. “These constantly evolving and interconnected challenges have made risk management a necessity for survival and a key driver for success in this diverse, competitive and fragile marketplace.”

The following risks represent the Top 10 identified by respondents:

• damage to reputation/brand;

• economic slowdown/slow recovery;

• regulatory/legislative changes;

• increasing competition;

• failure to attract or retain top talent;

• failure to innovate/meet customer needs;

• business interruption;

• third-party liability;

• cyber risk (computer crime/hacking/viruses/malicious codes); and

• property damage.

Responses show the overall readiness for the Top 10 risks stands at 63% in the 2015 survey, similar to that in 2013, the survey report notes. The result, though positive, falls below expectation. [click image below to enlarge]

Damage to reputation/brand was rated the top risk of 2015

One of the biggest movers in the 2015 report was cyber risk, vaulting from 18 in Aon’s 2013 Global Risk Management Survey to nine in the 2015 report.

“Cyber risk is fast-moving, impossible to predict and difficult to understand, but the damage can be immense,” the report states. “One of the dangers facing the insurance industry is the potential for a cyber hurricane, an event that could impact multiple lines of businesses, geographies and industry sectors.”

The report cites the Center for Strategic and International Studies, which has estimated the annual cost of cyber crime and economic espionage to the world economy runs as high as US$445 billion, or almost 1% of global income.

“With today’s rapid technological change, it is no surprise that cyber has entered the Top 10 for the first time, and with increasing attacks impacting on a company’s reputation, the results illustrate the hyperconnectivity between risks,” Stephen Cross, chief innovation officer at Aon Risk Solutions, says in a press release from Aon.

More surprising, Cross suggests, is the lack of alignment between the board and the risk manager. “Such diverse views illustrate how imperative it is that the Board of Directors has effective and regular communication with risk managers to effectively assess and mitigate the company’s risk exposure.”

Aon points out that “North America ranked cyber risk at the highest spot of all regions surveyed in the 2015 report, showcasing its global exposure on this challenging issue.”

And the risk is projected to continue its ascent, with Aon expecting that cyber risk will rank seventh in 2018. In light of the projection, some current results are heartening and others less so. [click image below to enlarge]

Responses of reported readiness for cyber risk have increased from 68% in 2013 to 82% in 2015

“Given the frequency and prevalence of cyber risks, it is alarming that a fairly large percentage of companies (58%) have not completed a cyber risk assessment,” notes the report.

One positive trend revealed by the survey, though, is that responses of reported readiness for cyber risk have increased from 68% in 2013 to 82% in 2015.

Aon reports the 2015 findings show companies have improved their technology infrastructure since the last survey to keep up with competition. “Lack of technology/infrastructure to support business needs has slipped from number 21 in the previous survey to number 31. As the economy is expanding, companies are now investing more in technology and infrastructure to stay competitive.”

Despite the positive, Aon also notes that 90% of polled businesses worldwide recognize that they are insufficiently prepared to protect themselves against cyber risk.

The upward movement of cyber risk, no doubt, was fanned by some high-profile events to have recently made the news. The report notes “it is an interesting exercise to compare the Top 10 risks with some of the key political and business events in 2014 before and during the period when this survey was conducted.”

Among others, these events included the rise of Islamic State of Iraq and Syria (ISIS), the oil prices crash, extreme weather conditions in parts of Canada and the eastern United States, continuing military conflicts in the Ukraine and Russian annexation of Crimea, the Ebola outbreak in West Africa, cyber attacks on Sony and Home Depot, and floods in India, Pakistan, China and Southeast Europe, as well as widespread drought in the U.S. and Brazil.

“The unpredictable nature of such crises in an age of 24-hour news cycles and instant social media poses a serious threat to a company’s hard-earned global image,” the survey report states. One positive, though, is that “intensive media scrutiny also heightens awareness of crises preparedness.”

Of course, cyber was not alone in making headway and demonstrating how interconnected risks can be. Citing both damage to brand/reputation (which has not ranked as the top risk since 2007) and cyber risk, “the connection between these two risks has been felt around the world in 2014, as a rash of data breaches demonstrated the fragile nature of consumer trust in leading corporations,” Greg Case, president and CEO of Aon plc, notes in the report.

“Aon’s global clients strongly felt that damage to reputation/brand ranked as a top concern across almost all regions and industries,” the company statement notes
.

“This can be attributed to the growing challenges businesses are facing amongst the risks found in the Top 10 list, such as cyber risk, business interruption, increasing competition and failure to innovate,” the statement adds.

The report notes that damage to reputation/brand has been listed as the highest risk by respondents in industries such as aviation, banking, food processing, education, non-profit, real estate and telecommunications. However, results of a recent Deloitte Touche Tohmatsu survey of 300 executives shows only 19% would award their companies an “A” grade for their capabilities for protecting against and responding to reputation risks.

What impact a data breach will have on an organization is no longer a matter of if, but rather when and to what magnitude, contends Kevin Kalinich, global practice leader, network risk/cyber insurance for Aon Risk Solutions. Still, “the insurance industry is in the process of creating innovative solutions to mitigate the impact on the balance sheet from this growing risk,” Kalinich says in the Aon press release.

Concerns over the interconnected nature of risk can also be seen with regard to the failure to attract or retain top talent and the failure to innovate/meet customer needs. “Companies that cannot appropriately align and incent their workforce will quickly lose ground to their competition,” Case emphasizes in the report.

Failure to innovate/meet customer needs remained in the sixth spot in the 2015 survey, but is projected to rank fourth in 2018. “With today’s rapid technological changes, companies rise and fall faster than ever before. Many of the world’s top companies have lost their edge due to failure to innovate and adapt to new market conditions,” notes the report. [click image below to enlarge]

Aon expects that cyber risk will rank seventh in 2018

Other survey results highlighting the interdependency among many of the top risks include property damage, which currently ranks 10, but is up from 17 just two years ago. Unprecedented weather events in recent years have bundled property risk with the cause and effect of business interruption.

“Nowadays, commercial buildings and plants are being developed on a larger scale, and equipped with more costly machinery and new technology that are difficult to replace,” the report states. “Therefore, property damage could cause severe business interruption. In the case of suppliers, the value concentration in just one facility is so large that any damage could affect multiple companies. As a result, industry claims in excess of US$1 billion have become more frequent and, in some cases, have come from sources not traditionally anticipated by insurers.”

Business interruption ranked seventh, sitting firmly in the Top 10 despite reported losses being down more than 10% from the 2013 survey, Aon reports.

And increasing competition, now rated the fourth highest risk, is expected to make it all the way to the top in three years time, Aon states, adding that this raises a red flag for the insurance industry.

“Companies in both developing and developed countries are now facing tough competition brought about by globalization,” the report states. “With the opening of borders to trade and foreign investment, globalization is pressuring domestic firms to compete on their own merits.”

Managing competition risk demands a high-level, enterprise-wide approach, the report notes, which includes the following:

• identifying and understanding new competitors entering the marketplace;

• discovering the latest consumer trends and developing the requisite flexibility to adapt and respond to those trends;

• staying abreast of technological advances to ensure that businesses are integrating the most effective techniques and technologies available;

• understanding globalization, including the entry of lower-cost economies into the global marketplace; and

• preparing for aggressive action on the part of competitors, such as price wars.

“Increasing competition has made it imperative for companies to focus on innovation, brand recognition, and product differentiation to survive and thrive.”

Asked about desired changes in the insurance market, 65% of respondents pointed to more flexibility, 64% to broader coverage/better terms, and 50% to better recognition of investments in internal risk management.

“These answers remain consistent with those in previous surveys,” the report notes. “It’s a clear indication that organizations are expecting their insurers to offer broader terms and more flexible solutions for meeting risk management objectives as they are coping with new risks and challenges.”

The report states that, in Aon’s view, there are also some underestimated risks.

• despite political turmoil and upheaval in parts of the world, political risks/uncertainties has dropped out of the Top 10 risk list and is ranked 15 in the 2015 survey;

• the threat of terrorism has dropped to spot 41; and

• the risk of pandemic is only ranked number 44.

Survey findings show “companies are grappling with new risks and that there are differences of opinion on how to best prioritize and respond to them,” Aon notes in its statement. “Typically, financial and economic risks, including commodity price risk, economic slowdown and technology failure were seen as damaging at C-suite level with risk managers focused on liability-related risks such as cyber, property damage and third-party liability,” the company reports.

“These diverse views illustrate the importance of gathering a cross section of stakeholders in the decision-making process, so that each one can bring a different perspective,” the report emphasizes. “It is also imperative that senior executives and the Board of Directors communicate with risk managers, taking an active role in assessing and covering the company’s risk exposure to ensure it is in line with the strategic goals.”

Rory Moloney, CEO of Aon Global Risk Consulting, notes in the statement that “constantly evolving interconnected challenges have made risk management a key driver to the success of an organization.”

The RIMS 2015 Annual Conference & Exhibition is being held Apr. 26-29 in New Orleans.

More coverage of the RIMS 2015 Annual Conference & Exhibition

RIMS Community Service Day focuses on rebuilding two catastrophe-affected neighbourhoods in New Orleans

Risk management networks key, innovation often comes from necessity: RIMS president

Janice Ochenkowski receives RIMS’s most prestigious honour

Expediting authorizations for drone use after disasters would improve risk assessment and response: study