Cyber-incidents topped the list of risks facing businesses around the world in 2023 for the second year in a row, according to Allianz’s 2023 Risk Barometer.
In addition to ranking as the number one risk globally, cyber-events like IT outages, ransomware attacks and data breaches captured the top spot in 19 different countries, including the UK, Canada, India, France, Japan and Spain.
Cyber ranked as the second most concerning peril after business interruption in the United States, Germany, Brazil, Singapore and South Africa.
“For many companies, the threat in [cyber-space] is still higher than ever,” says Scott Sayce, global head of cyber at Allianz Global Corporate & Specialty and group head of the Cyber Center of Competence. “The conflict in Ukraine and wider geopolitical tensions are reshaping the [cyber-risk] landscape, heightening the risk of a large-scale [cyber-attack], according to the respondents. The frequency of ransomware attacks remain high, with losses increasing as criminals hone their tactics to extort more money, while the average cost of a data breach is at an all-time high.”
Despite the focus on ransomware in many conversations around cyber-threats, 53% of respondents highlighted data breaches as their main concern, followed by ransomware at 50%. Allianz attributed this to the rising cost of breaches and tougher regulation around the world—a breach of sensitive information can result in significant notification costs, regulatory fines, litigation and reputational damage.
It is also the risk small businesses cite as their top concern, especially with regard to the technology and software they rely upon to run their operations. Failure of digital supply chains or cloud services ranked third (35%) for respondents.
“Most [cyber-incidents] in the SME [small and medium-sized enterprise] sector are ransomware attacks but increasingly we also see social engineering scams and ‘deep fake’ attacks,” said Sabrina Sexton, head of global cyber for SME and Mid-Corporate for the Cyber Center of Competence at Allianz. “Smaller companies can also be highly exposed to supply chain attacks as they often purchase software [programme] licenses of much larger [organisations] or vendors.”
Rounding out the top 10 risks ranked by businesses around the world after cyber were business interruption, macroeconomic concerns; energy crises; legislative/regulatory changes; natural catastrophes; climate change; shortage of skilled workers; fire/explosion; and political risks and violence. Cyber ties into many of these risks, Allianz pointed out, particularly business interruption, regulatory changes and shortage of skilled workers.