Cyber-risks a major concern for South African, African businesses – Allianz

18th January 2022 By: Schalk Burger - Creamer Media Senior Contributing Editor

Cyber-risks are the biggest concern for companies globally, in South Africa, Africa, the Middle East and Nigeria in 2022, and the threat of ransomware attacks, data breaches or major information technology outages are of greater concern to companies than business and supply chain disruption, natural disasters or the Covid-19 pandemic, all of which have heavily affected firms in the past year, says corporate insurance multinational Allianz Global Corporate and Specialty (AGCS) in its 'Allianz Risk Barometer 2022' report.

“Business interruption will likely remain the key underlying risk theme in 2022. For most companies the biggest fear is not being able to produce their products or deliver their services. 2021 saw unprecedented levels of disruption, caused by various triggers. Crippling cyber-attacks, the supply chain impact from many climate change-related weather events, as well as pandemic-related manufacturing problems and transport bottlenecks wreaked havoc,” says AGCS CEO Joachim Mueller.

“This year only promises a gradual easing of the situation, although further Covid-19-related problems cannot be ruled out. Building resilience against the many causes of business interruption is increasingly becoming a competitive advantage for companies,” he says.

Cyber incidents are one of the top three perils in most countries and regions surveyed, including South Africa, Nigeria and Africa and the Middle East, and the main driver is the recent surge in ransomware attacks, which are confirmed as the top cyberthreat for the year ahead by 57% of survey respondents.

Recent attacks have shown worrying trends such as double extortion tactics, which combine the encryption of systems with data breaches, exploiting software vulnerabilities, which potentially affect thousands of companies, such as Log4J and Kaseya, or targeting physical critical infrastructure, such as the Colonial pipeline attack in the US.

Cybersecurity also ranks among companies’ major environmental, social and governance (ESG) concerns, with respondents acknowledging the need to build resilience and plan for future outages, or face the growing consequences from regulators, investors and other stakeholders.

“Ransomware has become a big business for cybercriminals, who are refining their tactics, lowering the barriers to entry for as little as a $40 subscription and requiring little technological knowledge. The commercialisation of cybercrime makes it easier to exploit vulnerabilities on a massive scale. We will see more attacks against technology supply chains and critical infrastructure,” explains AGCS global head of cyber Scott Sayce.

Further, business interruption ranks as the second most concerning risk globally and South Africa, Africa, Middle East and Madagascar. However, it ranked first in Ghana, Kenya, Morocco and Namibia, AGCS says.

“In a year marked by widespread disruption, the extent of vulnerabilities in modern supply chains and production networks is more obvious than ever. According to the survey, the most feared cause of business interruptions is cyber incidents, reflecting the rise in ransomware attacks but also the impact of companies’ growing reliance on digitalisation and the shift to remote working.”

Natural catastrophes and the pandemic are the two other important triggers for business interruptions in the view of respondents, the company says.

Additionally, in the past year, post-lockdown surges in demand have combined with disruption to production and logistics, as Covid-19 outbreaks in Asia closed factories and caused record congestion levels in container shipping ports.

Pandemic-related delays also compounded other supply chain issues, such as the Suez Canal blockage or the global shortage of semiconductors after plant closures in Taiwan, Japan and Texas from weather events and fires.

“The pandemic has exposed the extent of interconnectivity in modern supply chains and how multiple unrelated events can come together to create widespread disruption. For the first time the resilience of supply chains has been tested to breaking point on a global scale,” says AGCS property industry lead, technology, media and telecoms Philip Beblo.

The Covid-19 pandemic will likely drive high levels of supply chain disruption into the second half of 2022, although mismatches in global demand and supply and container shipping capacity are eventually predicted to ease, assuming no further unexpected developments.

“Awareness of business interruption risks is becoming an important strategic issue across entire companies. There is a growing willingness among top management to bring more transparency to supply chains with organisations investing in tools and working with data to better understand the risks and create inventories, redundancies and contingency plans for business continuity,” says AGCS global head of property risk consulting Maarten van der Zwaag.

Political risks and violence and critical infrastructure blackouts are growing concerns for businesses in South Africa. Political risks and violence moved from sixth place to fourth following major losses from physical damage, business interruption and loss of revenue, looting and vandalism caused by civil commotion, protests and riots in 2021.

Critical infrastructure blackouts entered the top three risks from sixth place, showing that companies are concerned about the impact of blackouts on their businesses and the economy.

“Large-scale terrorism events have declined drastically in the last five years. However, the number, scale and duration of riots and protests in the last two years is staggering and we have seen businesses suffering significant losses,” says AGCS head of global political violence and hostile environment solutions Bjoern Reusswig.

“Civil unrest has soared, driven by protests on issues ranging from economic hardship to police brutality which have affected citizens around the world. Further, the impact of the Covid-19 pandemic is making things worse, with little sign of an end to the economic downturn in sight meaning the number of protests is likely to continue climbing,” he says.

“Preparation is key, in particular for exposed sectors such as retail. Businesses need to review their business continuity plans and should be aware of what is happening around them. Typically, these only focus on national catastrophes, but there is a need for business continuity plans to address political disturbances and other types of business disruption like cyber,” explains AGCS South Africa CEO Thusang Mahlangu.

Having defined, and preferably tested, procedures in place is crucial, and which should include staff, client and general communication and social media plans. It is imperative for companies to think deeply about how they can best protect their assets and people.

Pandemic outbreak remains a major concern for companies, but drops from third to fifth in South Africa and second to fourth position globally, although the survey predated the emergence of the Omicron variant, the report shows.

While the Covid-19 crisis continues to overshadow the economic outlook in many industries, businesses feel they have adapted well. The majority of respondents (80%) think they are adequately or well-prepared for a future incident. Improving business continuity management is the main action companies are taking to make them more resilient.

Further, the rise of natural catastrophes to third position and climate change to sixth position globally is significant, with both upwards trends closely related. Climate change moved up one place to sixth in South Africa and came in as a new entrant in Africa and Middle East at tenth position.

Recent years have shown the frequency and severity of weather events are increasing due to global warming. For 2021, global insured catastrophe losses were well in excess of $100-billion, which is the fourth-highest year on record.

Hurricane Ida in the US may have been the costliest event, but more than half of the losses came from so-called secondary perils such as floods, heavy rain, thunderstorms, tornadoes and even winter freezes, which can often be local but increasingly costly events, AGCS says.

Meanwhile, Allianz Risk Barometer respondents are most concerned about climate-change-related weather events causing damage to corporate property, at 57%, followed by business interruptions and supply chain impact, at 41%.

“However, they are also worried about managing the transition of their businesses to a low-carbon economy, at 36%, fulfilling complex regulation and reporting requirements and avoiding potential litigation risks for not adequately taking action to address climate change, at 34%.

“The pressure on businesses to act on climate change has increased noticeably over the past year, with a growing focus on net-zero contributions. There is a clear trend for companies towards reducing greenhouse gas emissions in operations or exploring business opportunities for climate-friendly technologies and sustainable products,” observes Allianz SE chief sustainability officer Line Hestvik.

“In the coming years, many corporate decision-makers will be looking even more closely at the impact of climate risks in their value chain and taking appropriate precautions. Many companies are building up dedicated competencies around climate risk mitigation, bringing together both risk management and sustainability experts,” he says.

Additionally, the shortage of skilled workforce, for 13% of respondents, is a new entry in the top 10 risks at number nine globally and eighth in South Africa

“Attracting and retaining workers has rarely been more challenging. Respondents rank this as a top five risk in the engineering, construction, real estate, public service and healthcare sectors, and as the top risk for transportation.”

Further, changes in legislation and regulation remain in fifth position globally, at 19%, but moves down three places to seventh in South Africa. Prominent regulatory initiatives on companies’ radars in 2022 include anti-competitive practices targeting big tech, as well as sustainability initiatives with the European Union taxonomy scheme.