Jody Yee, the new Global Industry Solutions Director for Technology, Media and Telecoms at Allianz Global Corporate & Specialty (AGCS), discusses some of the main drivers behind the top risks facing the sector, as ranked by Allianz Risk Barometer respondents – from the spectre of cybercrime to the acute talent shortage
Risks are interrelated and aggregated in the modern networked world:
- Cybercrime threatens to outpace society’s ability to manage and respond to it.
- The COVID crisis has created new demands for functionalities and improved service offerings from technology and telecoms providers.
- Investor activism and ESG (environmental, social and governance) will be one of the hottest issues facing the sector in the next few years.
- Robust and resilient operations will be essential to navigate the increasingly interconnected risk landscape.
The following risks were identified by respondents from the technology and telecoms sectors in the annual Allianz Risk Barometer 2022. This annual report reveals the top corporate risks for the next 12 months and beyond, based on the insights of more than 2 650 risk management experts from 89 countries and territories.
TOP CORPORATE RISKS
Over the last two years, the pivot to remote working has seen many industries undergo an accelerated process of digitalisation, a trend boosted by a proliferation of platforms and devices. This has enabled business activities to continue, but also increased entry points for cybercrime. A shortage of cybersecurity professionals and patchwork governance mechanisms has aggravated this risk.
Cyber insurance claims have increased significantly over the past three years, driven by the rise of losses from external manipulation of systems, as well as the increased uptake in cyber insurance. Overall, cyber-related claims seen by AGCS (across all industry sectors) increased from almost 500 in 2018 to around 1 100 last year. Ransomware attacks have emerged as a growing threat. In 2020, the number of ransomware claims AGCS was involved in increased by over 40%, although this represented a small proportion of claims overall. This activity is so potentially lucrative criminals are now offering ‘Ransomware as a Service’ for as little as $40 a month.
The surge in cybercrime threatens to outpace society’s ability to manage and respond to it. At the same time, hackers are eyeing up bigger and more critical targets – such as the breach of American tech firm SolarWinds in 2020 that compromised multiple US government departments and agencies – with potentially wide-scale consequences across society. The ensuing physical disruptions and business interruptions of attacks like that on the Colonial Pipeline in 2021 have financial consequences for companies, consumers, and insurers.
There are intangible costs too – the effect on victims’ mental health, the impact on brand reputation, and the undermining of public trust in businesses and institutions.
All organisations should ensure compliance with the legislation and regulations that govern their activities in all jurisdictions they operate in. As the risk landscape changes, businesses need to be aware of how this will impact their activities and take steps to protect their assets. The invasion of Ukraine is a salient reminder of the omnipresent danger of state-sponsored cyber-attacks that aim to disrupt and disable IT systems. Many companies are on alert for an escalation in hacking attempts and Russian reprisal cyber-attacks after the imposing of sanctions by Western nations, resulting in a number of the country’s lenders being kicked off the global payments messaging system Swift.
Cyber-attacks can cause widespread disruption – indeed, business interruption costs account for around 60% of the value of cyber claims, AGCS analysis shows – but recent geopolitical upheaval and the pandemic have exposed other vulnerabilities in our supply chains. Whether it was shortages in lumber or semiconductors, these chinks became all too apparent as companies faced up to their overreliance on critical suppliers. Supply chain challenges can result in business interruption and contingent business interruption claims as a result of delayed components, or in D&O (directors and officers) securities claims if operational management is deemed inadequate. Liability for third-party risk could arise if lower quality components are used because of a shortage, for example, and defective products lead to bodily injury.
Building resilience has been key during the pandemic, which saw businesses scramble to deploy new mechanisms in response to a crisis. But the situation was fluid. During the first lockdowns, many people were at home, so systems needed to be in place to enable activities to continue – videoconferencing for work or online grocery services for the daily necessities. Although these facilities existed pre-COVID, they had not been fully adopted, and the urgency of the pandemic heightened demand, creating opportunities for the tech and telecoms sector, but also piling on pressures as it galvanised to meet fulfilments while facing supply chain and workforce disruption.
When lockdown rules were relaxed, people became more mobile and further adjustments had to be made by service providers. Workers could continue with video-conferencing or remote workspaces, but if they were out and about, they needed additional mobile functionalities to ensure frictionless connections and adequate security. And where consumers once accepted the limitations of delivery hours, they came to expect a 24/7 service culture, so businesses have had to adapt to meet new demands, including building their online presence and improving service. Whether it was groceries delivered by taxi or in an hour through Amazon Fresh, or new movies released simultaneously in cinemas and via an app, customer service adapted to enable choice.
The tech and telecoms sector has fared relatively well through COVID lockdowns, propelled by the world’s drive to digitise. The sector was offering much-needed products and services, but that was not the only reason it weathered the storm – it was also buoyed by robust distribution chains. A very large online retailer can own its supply chain almost from end to end. It might need access to raw materials, but it likely owns its own storage centres and employs its own staff and drivers, which cushions it from shortages other industries struggled with – labour being one of them.
With the widespread rollout of new technologies, we are seeing increased reliance on cloud providers, data aggregators, APIs (application programming interfaces), and other intermediaries. These are all part of the new interconnected world and depend upon critical infrastructure. If a cloud provider goes down, the knock-on effects on an organisation’s supply chain can be considerable – the failure of automated systems that rely on shared data could result in lost orders, non-delivery of goods and services, and delays to back-office functions. A global outage at Facebook in October 2021 is thought to have cost the company $100 million in lost revenue.
With technology advancing so rapidly, we must be mindful of its potential impacts on our society and environment. Everybody is talking about 5G, which on paper will greatly benefit society – people will be able to access more data faster and, in the long run, more cheaply. But in January 2022, the rollout of 5G mobile phone services near airports in the USA was postponed because airlines had concerns about its potential interference with aviation systems. As with any new technology, we need to be aware of associated health risks and unintended consequences.
Digital currencies and payments are also innovations we’re watching with interest, although the infrastructure is not yet available to handle them by default, and regulation is likely to create barriers to wider adoption. Digital currencies are emerging as a new asset class, but there is uncertainty around potential asset bubbles and concerns about money laundering, ransomware attacks, third party liabilities and ESG issues.
Changes in legislation and regulation
Regulatory changes often lag behind technological advances, which can inhibit the adoption of innovations. They can also affect a company’s bottom line as they require new ways of working and incur fines and penalties for businesses that do not comply.
Changes in legislation are being driven by a combination of factors, including advancing technology and high-profile cyber incidents. Data security and privacy laws are top concerns in tech with a number of companies receiving significant fines for falling foul of the General Data Protection Regulation (GDPR). At the same time, society is changing. As investor activism exerts pressures and a younger generation make their voices heard about ESG concerns, companies must evolve or face more shareholder and class actions around areas such as climate change, diversity, and executive pay. Interestingly, Allianz Risk Barometer respondents cited cyber security resilience as their main ESG priority – increasingly, cyber security considerations are incorporated into the ESG risk-analysis frameworks of data providers, who look into companies’ data protection and information security practices to evaluate their preparedness for cybercrime. This will be a major consideration for companies in years to come.
Natcat remains a concern even for companies whose main assets are in the cloud. They may not store large amounts of goods or inventory, but they have physical servers and office buildings. Many are located in coastal cities or campuses, so if they were hit by an earthquake or another natural catastrophe, there could be additional losses from flooding. With climate change and extreme weather events increasing, businesses might find their premises are now located in flood zones or are at heightened risk of windstorms, winter storms or wildfires.
Shortage of skilled workforce
Access to talent is challenging the tech sector, as well as many other industries, and there is an ongoing need to upskill indigenous populations and reduce barriers to entry for skilled workers from overseas. The older generation is retiring, and we do not have enough talent in the pipeline, so a number of organizations are aggressively recruiting. Amazon recently more than doubled its maximum base salary for tech and corporate workers, citing a competitive labour market. Higher salaries like this in the US will make it harder for tech companies around the world to compete, so we will need more global mobility in the workforce.
Corporates also face competition from start-ups, which attract a younger generation with a different kind of package – the promise of equity and a flexible working culture. On a more optimistic note, we see a number of universities and colleges developing IT security programmes that should swell the ranks of talented graduates in the next few years. With so many new technologies on the horizon, from cryptocurrencies to the metaverse, we need bright enquiring minds to help us create the solutions of the future.
RISK MITIGATION: HOW TO FUTURE-PROOF YOUR OPERATIONS
What these seven trends reveal is the extent to which risks are interrelated and aggregated in the networked world we live and work in. Faced with loss scenarios that can fall like dominoes, businesses need robust, resilient operational processes to safeguard their supply chains and ensure business continuity.
Business continuity planning (BCP) reviews are essential and must be regularly updated. Cyber protection should include regular backups, segmentation of data, the right end-point detection and multi-factor authentication. Data is paramount. Insurers such as AGCS can leverage your company data to facilitate a tailored risk assessment and help draw up a personalised mitigation strategy.
- Banks on alert for Russian reprisal cyber attacks on Swift, Financial Times.
- Tom Knowles, What caused the Facebook outage and how much did it cost Mark Zuckerberg’s company? The Times, 6 October 2021.
- Allianz Global Corporate & Specialty, Financial Services − Risk trends, Report, May 2021.