Business interruption and cyber top threats in Asia Pacific

Photo by Pixabay

It is both stability and change in the Allianz Risk Barometer 2023. Cyber Incidents and Business Interruption rank as the biggest company concerns for the second year in succession (both with 34% of all responses).

The Allianz Risk Barometer is an annual business risk ranking compiled by Allianz Group’s corporate insurer Allianz Global Corporate & Specialty (AGCS), together with other Allianz entities, which incorporates the views of 2,712 risk management experts in 94 countries and territories including CEOs, risk managers, brokers and insurance experts. It is being published for the 12th time.

AGCS’ CEO Joachim Mueller comments on the findings: “For the second year in a row the Allianz Risk Barometer shows that companies are most concerned about mounting cyber risks and business interruption. At the same time, they see inflation, an impending recession and the energy crisis as immediate threats to their business.

“Companies – in Europe and in the US in particular – worry about the current ‘permacrisis’ resulting from the consequences of the pandemic and the economic and political impact from ongoing war in Ukraine. It’s a stress test for every company’s resilience.

“The positive news is that as an insurer we see continuous improvement in this area among many of our clients, particularly around making supply chains more failure-proof, improving business continuity planning and strengthening cyber controls. Taking action to build resilience and de-risk is now front and center for companies, given the events of recent years.”

In 2023, the top four risks in the Allianz Risk Barometer are broadly consistent across all company sizes globally – large, medium and small – as well as across core European economies and the US (energy crisis excepted). Risk concerns for businesses in Asia Pacific and African countries show some deviation, reflecting the different impact of the ongoing war in Ukraine and its economic and political repercussions.

Digital and disruption dangers

Cyber Incidents, such as IT outages, ransomware attacks or data breaches, ranks as the most important risk globally for the second year in succession – the first time this has occurred. It also ranks as the top peril in 19 different countries, among them Canada, France, Japan, India and the UK. It is the risk that small companies (<$250mn annual revenue) are most worried about.

“For many companies the threat in cyber space is still higher than ever and cyber insurance claims remain at a high level. Large companies are now used to being targeted and able to repel most attacks. Increasingly, we see more small- and mid-size businesses impacted who often tend to underestimate their exposure. They all need to continuously invest in strengthening their cyber controls,” says Shanil Williams, AGCS Board Member and Chief Underwriting Officer Corporate, responsible for cyber underwriting.

According to the Allianz Cyber Center of Competence, the frequency of ransomware attacks remains elevated in 2023, while the average cost of a data breach is at an all-time high at $4.35mn and expected to surpass $5mn in 2023.

The conflict in Ukraine and wider geopolitical tensions are heightening the risk of a large-scale cyber-attack by state-sponsored actors. In addition, there is also a growing shortage of cyber security professionals, which brings challenges when it comes to improving security.

For businesses in many countries, 2023 is likely to be another year of heightened risks for Business Interruption (BI) because many business models are vulnerable to sudden shocks and change, which in turn impact profits and revenues.

Ranking #2 globally, BI is the number one risk in countries such as Brazil, Germany, Mexico, Netherlands, Singapore, South Korea, Sweden and the US.

The scope of disruptive sources is wide. Cyber is the cause of BI companies fear most (45% of responses); the second most important cause is the energy crisis (35%), followed by natural catastrophes (31%). The skyrocketing cost of energy has forced some energy-intensive industries to use energy more efficiently, move production to alternative locations or even consider temporary shutdowns.

The resulting shortages threaten to cause supply disruption across a number of critical industries in Europe, including food, agriculture, chemicals, pharmaceuticals, construction and manufacturing, although warm winter conditions in Europe and stabilization of the price of gas is helping to ease the energy situation.

A possible global recession is another likely source of disruption in 2023, with potential for supplier failure and insolvency, which is a particular concern for companies with single or limited critical suppliers. According to Allianz Trade, global business insolvencies are likely to rise significantly in 2023: +19%.

Top Asia Pacific risks

Business Interruption (#1 with 35% of responses) is the top risk in Asia Pacific, surpassing Cyber Incidents (#2 with 32%) which ranked top for the previous three years. Natural Catastrophes (#3 with 27%), Changes in legislation and regulation (#4 with 24%), and Climate Change (#5 with 22%) make up the other top risks in the region.

Business Interruption ranks in the top three risks in all countries in Asia Pacific and is the top risk in Singapore and South Korea. This comes as little surprise as companies need to navigate supply chain disruption, uncertain geopolitical, economic and climate risks, as well as long-term transformations such as digitalization and decarbonization.

Ranking second in Asia Pacific, Cyber Incidents remains a significant concern in the region, especially in Japan and India where it ranks top. Cyber Incidents claimed top spot in India for the past six years, and the country has been dealing with cyber security concerns for a while. For example, in November 2022, multiple servers of the All India Institute of Medical Sciences (AIIMS), a federal government hospital that caters to ministers, politicians and the general public, were infected. Businesses in Japan were also most concerned about Cyber Incidents, which claimed top spot for the past three years. Notably, in 2022, a large Japanese car manufacturer closed all of its factories nationwide for a day following a cyberattack at a supplier. The suspension affected an output of around 13,000 vehicles.

Changes in legislation and regulation rose from #5 to #4 year-on-year, keeping its place among the top five Asia Pacific risks for the fifth consecutive year, and was also the top risk in China, where companies are facing an increasingly tightening regulatory environment and industries as disparate as technology, finance, education, and transport have had to adapt to a new regulatory climate.

Climate-related concerns gained ground in Asia Pacific. Natural Catastrophes rose from #4 to #3 year-on-year, spurred by notable events such as widespread flooding across South Asia from January to October, which led to the deaths of over 3,500 people, and the devastating heatwaves suffered by China in the sixth warmest July and August since 1880. Secondary perils are not to be underestimated too, with floods in eastern Australia resulting in insured losses around $4bn, the country’s costliest ever natural catastrophe. Climate Change rose from #6 to #5 year-on-year, as companies are confronted with a wide range of transformation risks resulting from new market conditions or product requirements, or from changes in business strategy.

Mark Mitchell, Regional Managing Director, Asia Pacific at AGCS, said, “Despite the easing of supply chains from Covid-19 related recovery, businesses in Asia Pacific continue to face significant business interruption as they need to navigate a plethora of challenges. This includes global shortages and inflationary pressures as a result of the war in Ukraine and geopolitical tensions, and other perennial risks in the rankings such as cyber and natural catastrophes.

“These risks, coupled with the threat of recession this year, will once again force companies to evolve and adapt their business models, as they did at the start of the pandemic. Businesses also need to continue to enhance resilience by working with stakeholders and partners to develop alternative suppliers and improve business continuity management.”