Cyber crime is one of businesses’ fastest-growing concerns but many companies are still underestimating the amount of damage it can cause, according to a report by Allianz.
Budgetary constraints and a lack of understanding are also hindering companies’ efforts to tackle online threats, the survey of risk managers and corporate insurance experts from businesses in 47 countries says.
“There is still the misconception that larger companies are more frequently the target of cyber attacks because of the bigger financial rewards for criminals. But cyber attacks have become an almost daily event, affecting small, medium and large businesses,” said Jens Krickhahn, a practice leader in cyber and fidelity at Allianz Global Corporate & Specialty (AGCS).
Mr Krickhahn said firms need to be clear about the impact “on their supply chain, the liability they could face if they cannot deliver their products in time or if they lose customer data, any jurisdictional laws which might apply, as well as the costs for hiring lawyers, IT experts and public relations experts to resolve any issues.
“Different stakeholders such as IT security architects and business continuity managers need to share their knowledge to identify and evaluate threat scenarios.”
“The ‘human factor’ should also not be underestimated, as employees can cause IT security incidents, inadvertently and deliberately,” Mr Krickhahn said.
The report warns that the growing interdependence of global businesses means that companies are more exposed.
“Negative effects can quickly multiply. One risk can lead to several others. Natural catastrophes or cyber attacks can cause business interruption not only for one company, but to whole sectors or critical infrastructure,” Allianz Ireland chief executive Brendan Murphy said.
“Risk management must reflect this new reality. Identifying the impact of any interconnectivity early can mitigate or help prevent losses occurring. It is also essential to foster cross-functional collaboration within companies to tackle modern risks,” he added. The survey, carried out annually and now in its fourth year, shows that more traditional concerns like supply chain interruption and natural catastrophes still top the list of companies’ biggest fears.
But cyber crime is now ranked among the top five risks for the first time. In Germany, the UK and the US, it is ranked among the top three concerns.
Better hardware and software solutions including monitoring tools, better processes and improving awareness amongst employees would also help companies to be better prepared for cyber crime, the report says.
But such improvements would not lead to 100pc IT security, which does not exist, according to AGCS’ Germany and Central Europe chief executive Christopher Lohmann.
“You can avoid some risks, you have to accept some risks, you need to control some risks and other risks need to be transferred,” Mr Lohmann said.
Political and social upheaval is another business risk causing fast-growing concern amongst companies, the survey found.
It appears in the top 10 perceived risks in Europe, the Middle-East and Africa for the first time this year, and is also a new entrant in the top 10 risks for Brazil.
Political and social upheaval is ranked the top business concern in Ukraine, and is seen as one of the top three risks in Russia and Switzerland.
“Country risk levels change more often and more frequently than they did in the past, which makes risk assessment more volatile,” AGCS head of crisis management Christof Bentele said.
In the long-term, climate change and “disruptive technologies” like 3D printing – which could threaten manufacturing jobs – and nanotechnology feature at the top of the list of companies’ fears.
“Safety margins are shrinking as developments in safety and human behaviour are often not aligned with technological advances,” AGCS head of emerging trends Michael Bruch said.
“Negative effects of failure are further multiplied as interconnectivity is expanding along with global supply chains, digital logistics and automation.”