Cyber risks are now the top worry for SA firms

As companies’ reliance on data and IT system grows, South African firms are becoming more alert about the cyber risks they face, and this prompted many to list cyber incidents as the most important business risk in the country.

This has been revealed in the latest business risk survey conducted by leading global corporate insurance carrier Allianz Global Corporate & Specialty (AGCS).

AGCS, a key business unit of Allianz Group, said 46% of responses received as part of its survey ranked cyber incidents the top business risk in the country. The Allianz survey was launched in the country in 2016.

Cyber threats overtook business interruption as the top peril at global level at 40% in the ninth Allianz Risk Barometer 2020, which looked at global business risks among companies worldwide.

“Cyber incidents ranked number one in 2016, 2017 and 2018 in South Africa. Awareness of the cyber threat has grown rapidly in recent years, driven by companies’ increasing reliance on data and IT systems and a number of high-profile incidents. Seven years ago, it ranked only 15th, with just 6% of responses,” said Joachim Müller, CEO of AGCS.

The 9th annual survey on top business risks attracted record participation of 2,700-plus experts from more than 100 countries. Those canvassed in the survey included CEOs, risk managers, brokers and insurance experts.

The respondents said cyber incidents had become more damaging and expensive for companies – and often resulted in lawsuits and litigation. In the survey, Müller said, business interruption ranked second, but remained a key challenge, with digitalisation and civil unrest creating new causes of disruption and loss of income.

In the Allianz Risk Barometer 2020 survey, climate change rose to its highest-ever position. Müller said companies were most concerned about physical losses from extreme weather events but also feared consumer criticism and increasing regulatory and legal action.

Changes in legislation and regulation (on position 3 with 29%) and climate change (position 6 with 19%) were the biggest climbers globally, underlining the US-China trade war, Brexit and global warming as increasing concerns for companies and nations, including South Africa.

Müller said: “Of course, there are many other damage and disruption scenarios to contend with, but if corporate boards and risk managers fail to address cyber and climate change risks, this will likely have a critical impact on their companies’ operational performance, financial results and reputation with key stakeholders. Preparing and planning for cyber and climate change risks are both a matter of competitive advantage and business resilience in the era of digitalisation and global warming.”

Cyber incidents were among the top three risks in Austria, Belgium, France, India, South Korea, Spain, Sweden, Switzerland, the UK and the US. Businesses face the challenge of larger and more expensive data breaches, an increase in ransomware and spoofing incidents, as well as the prospect of privacy-driven fines or litigation after an event.

A mega data breach ─ involving more than 1 million compromised records ─ now costs on average $42 million, up 8% year-on-year.

“Incidents are becoming more damaging, increasingly targeting large companies with sophisticated attacks and hefty extortion demands. Five years ago, a typical ransomware demand would have been in the tens of thousands of dollars. Now they can be in the millions,” said Marek Stanislawski, global head of Cyber, AGCS.

Extortion demands are just one part of the picture: Companies can suffer major business intelligence losses due to the unavailability of critical data, systems or technology, either through a technical glitch or cyber-attack.

“Many incidents are the results of human error and can be mitigated by staff awareness training, which is not yet a routine practice across companies,” Stanislawski said.

Business interruptions dropped to second spot among business concerns in South Africa after seven years at the top globally.

The trend for larger and more complex BI losses continues unabated. Causes are becoming ever more diverse, ranging from critical infrastructure blackouts such as load shedding, fire, explosion or natural catastrophes to digital supply chains or even political violence.

According to Raymond Hogendoorn, global head of property and engineering claims at AGCS, digital supply chains and platforms today allow for full transparency and traceability of goods.

“But a fire at a data centre, a technical glitch or a hack could bring large BI losses for multiple companies that all rely on and share the same system and which cannot switch back to manual processes.”

Businesses are also increasingly exposed to the direct or indirect impact of riots, civil unrest or terrorism attacks. The past year has seen escalations in Hong Kong, Chile, Bolivia, Colombia and France, resulting in property damage, BI and general loss of income for both local and multinational companies as shops were closed for months, customers and tourists stayed away or employees couldn’t access their workplace due to safety concerns.

Xenophobic attacks, which happened in September last year, affected businesses in South Africa and Nigeria.

For more news your way, download The Citizen’s app for iOS and Android.