Canadian Underwriter

Damage to reputation/brand gets social, cyber jumps higher on risk list: Aon survey

April 24, 2017   by Angela Stelmakowich

Print this page Share

PHILADELPHIA – Social media is amplifying the impact of the top-ranked risk for businesses – damage to reputation and brand – while cyber risk has fully entrenched itself in the Top 10, becoming the number one risk for respondents in North America, Aon plc’s 2017 Global Risk Management Survey found.

Released Monday during the RIMS 2017 Annual Conference and Exhibition, being held Apr. 23-26 in Philadelphia, findings from the bi-annual survey show damage to reputation/brand remained the top-ranked risk by all surveyed businesses.

“Over the past few years, while defective products, fraudulent business practices or corruption continue to be key reputation wreckers, new media technologies have greatly amplified their negative impact, making companies more vulnerable,” the survey report states.

“In the age of Twitter or viral videos, damage to reputation could occur because of an inappropriate tweet by an executive, or a video by an employee complaining about sexual harassment or discrimination,” the report points out.

The survey reflects input from 1,843 respondents at public and private companies around the world, notes a statement from Aon. Findings “underscored that companies are grappling with new risks and that there are differences of opinion on how to best prioritize and respond to them,” it adds.

The Top 10 risks (both current and projected) are as follows:

“The majority of the top risks identified in the survey are nothing new to risk managers,” the report notes. “However, a closer examination has revealed many new driving factors that are now transforming the traditional risks, adding new urgency and complexity to old challenges,” Aon suggests.

Related: Cyber risk vaults into Top 10, interconnectedness of risk underscores need for solid risk management: Aon survey

Cyber risk again made gains in the latest list, rising from ninth spot in the 2015 survey to number five this year, Aon reports. “Cyber crime has now joined a long roster of traditional causes that can trigger costly business interruptions,” the statement notes.

Cyber crimes “have evolved from stealing personal information and credit cards to staging co-ordinated attacks on critical infrastructures,” the report adds.

Cyber threat is now included among many traditional causes – such as fire, flood and strikes – “that can trigger business interruptions because cyber attacks cause electric outages, shut down assembly lines, block customers from placing orders, and break the equipment that companies rely on to run their businesses,” it notes.

Cyber risk “is now the top concern among businesses in North America, as the frequency of cyber breaches are increasing and incident response plans have become more complex due to regulation and mandatory disclosure obligations,” Aon points out, adding that globally, “cyber concerns will continue to be significant for businesses.”

Related: Cyber, reputation risks remain top concerns: Marsh/DRII

Another upward mover was increasing competition, which rose from the number four spot in 2015 to the number three spot in 2017. “In many cases, competition has become so fierce that it is increasingly challenging for executives to clearly identify in what industry and with which companies they are competing,” Aon comments.

Political risk/uncertainties, for its part, moved from position 15 in 2015 to ninth spot in 2017, largely driven by persistent and escalating tumult globally.

“Regionally, organizations in Asia Pacific and Latin America rank the risk much higher than those in North America, probably due to concerns about the inward-looking policy platforms and protectionism that could harm businesses in their regions,” the survey report suggests.

That said, “interestingly, developed nations that were traditionally associated with political stability are becoming new sources of volatility and uncertainty,” Aon reports. “This is a concern for businesses, especially those operating in emerging markets.”

The connection between damage to brand/reputation and political risk/uncertainties “has been highlighted by a series of events during 2016, driven by an increase in organized cyber crime, which directly impacted government institutions, political parties and global infrastructures,” Greg Case, Aon’s president and CEO, writes in the introduction of the report.

Beyond actual upward movers, though, are the anticipated future movers. While disruptive technologies/innovation is an emerging risk ranked 20th by respondents in the 2017 report, their expectation is that it will enter the Top 10 by 2020.

More positively, perhaps, “with the recent introduction and adoption of new technologies, such as drones, driverless cars and advanced robotics, businesses have an increased awareness of the impact of innovation,” Aon points out.

Respondents realize the significance of potential disruptors from both within their own industry and outside their industry, it adds.

There were, however, a number of risks that ranked lower in the latest survey, including the following:

  • property damage slipped from 10 in 2015 to 13 in 2017;
  • distribution or supply chain failure fell to its lowest ranking since 2009, settling at 19 in 2017 from 14 in 2015; and
  • failure of disaster recovery plan declined from 21 in 2015 to 28 in 2017.

“Trends in economics, demographics and geopolitics, along with rapid technology advancements, are transforming traditional risks for global businesses, adding new urgency and complexity to old challenges,” Aon suggests.

Related: Global private companies seem underprepared for cyberattacks: PwC report

The 2017 survey also shows some divergent perspectives with regard to both cyber threat and reputation/brand risk.

While surveyed companies with revenues of more than US$1 billion selected damage to reputation/brand as their top risk, smaller organizations are more concerned about economic slowdown and increasing competition, the survey found.

“The same is true with cyber crime/hacking/viruses/ malicious codes – larger companies see it as their second highest risk, but smaller companies rank it much lower,” the report adds.

There are also differences, of course, by region.

“As the risk landscape for commerce evolves, businesses can no longer rely solely on traditional risk mitigation or risk transfer tactics,” Rory Moloney, chief executive officer for Aon Global Risk Consulting, cautions in the company statement.

“They must take a cross-functional approach to risk management and explore different ways to cope with these new complexities,” Moloney goes on to say.

Related: Risk readiness among organizations declined last year, global survey says

It is a message that businesses need to take to heart. Consider the finding that risk preparedness is at its lowest level since the survey’s inception a decade ago.

The worrisome discovery shows that “despite the availability of more data and analytics, and more mitigation solutions, surveyed companies are less prepared for risk,” the report points out.

“With the fast speed of change in a global economy and increasing connectivity, the impacts of certain risks, especially those uninsurable ones, are becoming more unpredictable and difficult to prepare for and mitigate,” the report cautions.

Consider the top 28 risks on the Aon list in terms of being partially insurable, uninsurable or insurable.

However, the level of preparedness for the two insurable risks on the top 10 list – namely, business interruption and third-party liability – have been above average, Aon notes.

“At the same time, cyber crime/hacking/viruses/malicious codes, a partially insurable risk, registers the highest reported readiness (79%). The result could be driven by the rising awareness of cyber security in recent years,” the company adds.

More coverage of RIMS 2017 Annual Conference and Exhibition

RIMS supports charity in its fight against childhood cancer

Print this page Share

Have your say:

Your email address will not be published. Required fields are marked *