Allianz issues an annual risk report and it is fascinating to see how risk changes so suddenly. The top risks according to 500 risk managers and corporate insurance experts in 47 countries are business interruption and supply chain (#1), natural catastrophes (#2), and fire and explosion (#3). The biggest movers in terms of ranking on the risk scale are (no surprise!) cyber and political risks. It has been quite the year for data breaches and political unrest. Cyber risk itself moved up from 8th place last year into the top five this year. The damage caused by a data security incident, according to the report, is now estimated to total to $720,000 and from a targeted attack, up to $2.54m (Kaspersky Lab). The main reason behind this substantial economic loss caused by cyber risk is loss from reputation (61%), followed by business interruption (49%) and damages paid due to loss of customer data (45%). When people hear about a cyber attack, it has the unfortunate side effect of driving customers away and thus hurting the bottom line. People assume that the company was caught asleep at the switch, not well-led and unconcerned about their customers’ privacy. All in all, the company’s reputation loses face.
Disturbingly, cyber risk is the most underestimated risk by businesses in 2015. It is also expected to continue to be the number one risk five years from now although 10 years from now, climate change is expected to top the list. I guess that indicates that cyber risk will be under control and solutions will be found. What worries risk managers the most when it comes to cyber risks? — data theft and manipulation (64%), reputational loss (48%) and the threat that the hacking will just keep on happening (44%).
As you can see from the chart above, reputation and brand loss ranks #6 overall and for many years of the study continues to rank at the top. Reputational aftershocks are pervasive.