Specialist insurers Allianz Global Corporate & Specialty (AGCS) have released the results of their “Allianz Risk Barometer” survey for 2023. The 2,712 participating risk management experts have once again identified cyber threats as posing the biggest risk to the business their companies are conducting. Cybercrime is believed to cost the world economy more than a trillion dollars annually – roughly one percent of global GDP.
It’s important to bear in mind that the latest outcomes are strongly influenced by the disruption of global supply chains resulting from the COVID-19 pandemic and the energy crisis brought on by Russia’s war of aggression on Ukraine. As a result, macro-economic developments (25 percent) and the energy crisis (22 percent) were far more often cited as risks than in previous years, and cyber incidents and business interruption were mentioned less often compared with the previous year. Nevertheless, the latter two were still ranked first and second in terms of mentions with 34 percent each. Looking at the regional breakdown, minor differences can be discerned. In Germany and the USA, for instance, business interruption outranked cyber threats, whereas the responses from participants from France, Spain and Switzerland reversed the order of these two threats.
Companies most wary of data breaches and ransomware
In the “cyber incidents” category, Allianz brackets IT outages, ransomware attacks and data breaches together with other incidents. This category of threats heads the list for the second year running in 2023 – something which has never happened before in the history of the survey, first published in 2012. Most of all, companies fear falling victim to a data breach, for which the average costs incurred by companies soared to record sums of 4.35 million US$ in 2022 and are anticipated to reach more than 5 million US$ this year. Large data breaches, known as mega breaches, are of course considerably more expensive. The second most common concern is ransomware – also fueled by the fact that the victim’s data is now not “merely” encrypted, but also stolen and used to blackmail partners, suppliers or customers (triple extortion). Allianz also stresses that cyber incidents often lead to interruptions in the operations of the impacted business. According to the report, hackers are increasingly attacking digital and physical supply chains concurrently. What’s more, as larger corporations tend to invest more in their cyber security, criminals are now more often setting their sights on smaller and medium-sized companies. The impact on these businesses is often even more severe, because in comparison to corporations they usually lack the financial and human resources to cope with the incident.
And while we’re on the subject: The shortage of qualified expert staff in the field of cyber security is indeed a serious problem. According to Cybersecurity Ventures, the number of vacancies in this specialist area increased by 350 percent to 3.5 million between 2013 and 2021 – you could easily fill 50 large soccer stadiums with the missing experts. Importantly, this also concerns the field of forensics and incident response, where the German Federal Office for Information Security (BSI) has declared a “fundamental shortage” of suitable staff.