Allianz Risk Barometer: Cyber incidents increased in importance, being the top business risk for year 2020

14 January 2020 — Cosmin CONCEATU
In January 2020, Allianz Global Corporate & Specialty (AGCS) published its ninth Allianz Risk Barometer survey, the biggest one yet, including 2,718 respondents from 102 countries and territories.

The annual corporate risk survey was conducted among Allianz customers (global businesses), brokers and industry trade organizations. The respondents of the survey came from large enterprises (1,348), mid-sized enterprises (521) and small enterprises (849) as well, including risk experts, risk consultants, underwriters, senior managers and claims experts from 22 industry sectors.

Respondents were asked to select the industry about which they were particularly knowledgeable and to name up to three risks they believed to be of the most importance.

According to the results of the report, the TOP-10 most important business risks in 2020 are:

  1. Cyber incidents - 39%
  2. Business interruption - 37%
  3. Changes in legislation and regulation - 27%
  4. Natural catastrophes - 21%
  5. Market developments - 21%
  6. Fire, explosion - 20%
  7. Climate change/increasing volatility of weather - 17%
  8. Loss of reputation or brand value - 15%
  9. New technologies - 13%
  10. Macroeconomic developments - 11%

Joachim MULLER, CEO of AGCS, commented on the results:

"The Allianz Risk Barometer 2020 highlights that cyber risk and climate change are two significant challenges that companies need to watch closely in the new decade."

Cyber incidents (39% of responses) were ranked first among the most dangerous risks for business in 2020. It was for the first time when this relatively new, emerging risk held the first place. In comparison, 7 years ago, cyber risks were perceived less harmful by the industry, holding the 15th place in the Risk Barometer with only 6% of responses mentioning it.

The main threat from cyber incidents comes from the damage and expenses that arise from lawsuits and litigation. Data breaches, ransomware events and business email compromise (spoofing) incidents are seen more often in the corporate world.

According to the survey respondents, data breaches are the main manifestation form of cyber incidents, becoming more and more expensive every year. Today, a large data breach involving more than 1 million records costs on average USD 42 million (up 8% y-o-y), while a data breach involving more than 50 million records costs on average USD 388 million (up 11% y-o-y). GDPR fines, inherited vulnerabilities from M&A, money demands through ransomware and fraudulent transactions are only a few of the problems that come from cyber risks.

Marek STANISLAWSKI, Deputy Global Head of Cyber at AGCS, explained:

"The cost of large data breaches continues to increase, as data protection and privacy regulation widen in scope and geographical reach and class action litigation also starts to impact the cost of dealing with a breach. Meanwhile, when an incident leads to significant business interruption, losses are typically high."


Business interruptions - BI (37% of responses) were considered the second most dangerous risks for year 2020 by study respondents. This category has lost its first position in Allianz Risk Barometer ranking to cyber risks, after 7 consecutive years when it has been ranked as the no. 1 threat for businesses. However, both risks are interlinked, AGCS mentions.

Contingent business interruption (CBI) events (whereby a company suffers a loss due to an event at a customer or supplier) are now far larger and more widespread than 10 or even 5 years ago. In recent years, natural catastrophes, fires and cyber-attacks have all caused large CBI loss events that have impacted multiple companies in multiple countries.

Some industries, such as automotive, manufacturing or pharmaceuticals, developed highly efficient global supply chains. This fact makes them vulnerable to very large BI and CBI events, given the scale of their business.

Raymond HOGENDOORN, Global Head of Property and Engineering Claims at AGCS, commented:

"Today, many companies' supply chains are much more integrated, so the financial impact of a BI is becoming larger and larger. (...) Digital supply chains can be more efficient and traceable, but a fire at a data center or a hack could cause a significant BI (...)"

Changes in legislation and regulation (27% of responses) risks drawn more attention in the industry as well, moving up from the 4th place in 2019 (27%) to the risks podium of 2020, being ranked on the third place.

Tariffs, sanctions, Brexit and protectionism (around 1,300 new trade barriers were implemented in 2019 alone) were cited in AGCS report as key concerns for respondents. Companies face other major challenges in 2020 such as "game changing" sustainability regulation in Europe (EU Sustainability Regulation). Increasingly, companies and investors are considering sustainability credentials when it comes to choosing business partners.

Ludovic SUBRAN, Chief Economist of Allianz, said:

"Trade policy is becoming just another political tool for many different policy ends, such as economic diplomacy, geopolitical influence or environmental policy. This activism is not restricted to the US: it has spread to Japan and South Korea, India and the EU."

This year, AGCS included two more CEE/SEE countries in the country-specific analysis: Bulgaria and Hungary. In addition to those, Croatia, Greece, Poland, Russia and Turkey were also included, just like in the previous edition. You can find each country risk profile on the report appendix. Here are the TOP-3 risks for each country:

  1. Changes in legislation/ regulation (41%)
  2. New technologies (41%)
  3. Business interruption (35%)

  1. Changes in legislation and regulation (53%)
  2. Cyber incidents (42%)
  3. Market developments (32%)

  1. Market developments (53%)
  2. Changes in legislation/ regulation (37%)
  3. Cyber incidents (37%)

  1. Changes in legislation/ regulation (42%)
  2. Cyber incidents (35%)
  3. Shortage of skilled workforce (35%)

  1. Business interruption (54%)
  2. Fire, explosions (42%)
  3. Cyber incidents (38%)

  1. Changes in legislation/ regulation (55%)
  2. Market developments (45%)
  3. Cyber incidents (36%)

  1. Macroeconomic development (59%)
  2. Natural catastrophes (41%)
  3. Fire explosions (35%)

You can find the full report on AGCS' website:


Share |