Cyber-incidents, business interruption, and changes in legislation and regulation are the three biggest risks to companies globally, according to research by German insurer Allianz.

Some 39 percent of corporates globally that responded to Allianz’s latest “Risk Barometer” rated cyber-incidents—including data breaches, fines, and penalties—as the biggest threat to businesses (especially for those companies based in the United States, the United Kingdom, India, South Africa, South Korea, and several EU countries).

Furthermore, cyber-threats are one of the most expensive risks for companies to face: for example, a mega data breach—involving more than one million compromised records—now costs on average $42 million to resolve (including settling fines or litigation after the event). Breaches in excess of 50 million records cost $388 million on average (up 11 percent on last year).

Top 10 global risks

  1. Cyber-incidents (including cybercrime, IT failure/outage, data breaches, fines, and penalties)
  2. Business interruption (including supply chain risks)
  3. Changes in legislation and regulation (including trade wars, tariffs, sanctions, and Brexit)
  4. Natural catastrophes
  5. Market developments (including volatility, intensified competition, new entrants, market stagnation and fluctuation, and increased M&A)
  6. Fires and explosions
  7. Climate change and weather volatility
  8. Loss of reputation or brand value
  9. New technologies (including the impact of AI, 3D printing, autonomous vehicles, blockchain, nanotechnology, and Internet of Things)
  10. Macroeconomic developments (including monetary policies, austerity programs, inflation, deflation, stagflation, and commodity price increases).

Source: AGCS

Business interruption (BI), meanwhile, has dropped to second position, though the trend for larger and more complex BI losses continues “unabated,” says the report.

Globally, over a quarter (27 percent) of respondents cited regulatory trends as a key threat (though U.S. respondents listed it as fifth after cyber-threats, BI, natural catastrophes, and adverse/new market developments). Allianz found that—in terms of regulation and legislation—companies believe tariffs, sanctions, Brexit, and protectionism are key issues.

According to Allianz, around 1,300 new trade barriers were implemented in 2019 alone, while the U.S.-China trade dispute has brought the U.S. average tariff close to levels last seen in the 1970s.

“Trade policy is becoming just another political tool for many different policy ends, such as economic diplomacy, geopolitical influence or environmental policy,” says Ludovic Subran, Allianz’s chief economist, in a press release for the report. “This activism is not restricted to the US: it has spread to Japan and South Korea, India and the EU.”

Future regulatory challenges facing organizations center around environmental impact, sustainability, and climate change, says the report, and the push by many governments to vastly reduce corporates’ carbon footprints.

For example, several countries have already enshrined the goal of attaining carbon neutrality by 2050 in law, and many more will follow in the coming years, including (very likely) the European Union. Allianz says the push to move sustainability into day-to-day risk management will mean all businesses will have to develop a clear environmental, social, and governance (ESG) profile by disclosing these associated risks as well as opportunities using state-of- the-art methodologies and techniques.

And as executives could be held responsible for how ESG issues and climate change are addressed at a corporate level, they will have to consider the impact of these when looking at strategy, governance, risk management, and financial reporting, says Allianz.

For many corporates, the process of data gathering, target-setting, and measurement implementation will be a cumbersome one—but one which also provides huge opportunities, says the report.

“EU sustainability regulation is nothing less than a game changer,” states Subran. “The impact on corporates will be as wide-ranging as that of the new rules on accounting and data protection were in the past.”

“Increasingly, companies and investors alike—not least driven by their own regulatory constraints—will choose their business partners by their sustainability credentials,” he adds. “Corporates that anticipate the coming sustainability regulation will be ahead of the curve in competition.”

Climate change—which includes the threat of increased regulatory enforcement and litigation—was ranked as the seventh biggest risk globally in the survey (after natural catastrophes, adverse market developments, and fires/explosions), with one-third of those respondents citing its effect on corporate reporting and compliance as a key concern.

Allianz says there is an estimated 1,500 new laws being introduced around the world every year in response to climate change, although different jurisdictions are taking different approaches. The report also points out failure by corporates to suitably address climate risks is increasingly resulting in litigation: for example, climate change cases targeting “carbon majors” have already been brought in 30 countries around the world, with most cases filed in the United States.