This article is part of the
Global Risk Dialogue - Spring/Summer 2022
The 1 minute dialogue
- Cybercrime threatens to outpace society’s ability to manage and respond to it
- The Covid crisis has created new demands for functionalities and improved service offerings from technology and telecoms providers
- Investor activism and ESG (environmental, social and governance) will be one of the hottest issues facing the sector in the next few years
- Robust and resilient operations will be essential to navigate the increasingly interconnected risk landscape
Allianz Risk Barometer 2022
Top 5 risks in Technology and telecoms
1. Cyber incidents
2. Business interruption
3. Pandemic outbreak
4. New technologies
5. Changes in legislation and regulation
1. Cyber incidents
Over the last two years, the pivot to remote working has seen many industries undergo an accelerated process of digitalization, a trend boosted by a proliferation of platforms and devices. This has enabled business activities to continue, but also increased entry points for cybercrime. A shortage of cybersecurity professionals and patchwork governance mechanisms has aggravated this risk.
Cyber insurance claims have increased significantly over the past three years, driven by the rise of losses from external manipulation of systems, as well as the increased uptake in cyber insurance. Overall, claims seen by AGCS (across all industry sectors) increased from almost 500 in 2018 to around 1,100 last year. Ransomware attacks have emerged as a growing threat. In 2020, the number of ransomware claims AGCS was involved in increased by over 40%, although this represented a small proportion of claims overall. This activity is so potentially lucrative criminals are now offering ‘Ransomware as a Service’ for as little as $40 a month.
The surge in cybercrime threatens to outpace society’s ability to manage and respond to it. At the same time, hackers are eyeing up bigger and more critical targets – such as the breach of American tech firm SolarWinds in 2020 that compromised multiple US government departments and agencies – with potentially wide-scale consequences across society. The ensuing physical disruptions and business interruptions of attacks like that on the Colonial Pipeline in 2021 have financial consequences for companies, consumers, and insurers.
There are intangible costs too – the effect on victims’ mental health, the impact on brand reputation, and the undermining of public trust in businesses and institutions.
All organizations should ensure compliance with the legislation and regulations that govern their activities in all jurisdictions they operate in. As the risk landscape changes, businesses need to be aware of how this will impact their activities and take steps to protect their assets. The invasion of Ukraine is a salient reminder of the omnipresent danger of state-sponsored cyber-attacks that aim to disrupt and disable IT systems. Many companies are on alert for an escalation in hacking attempts and Russian reprisal cyber-attacks after the imposing of sanctions by Western nations, resulting in a number of the country’s lenders being kicked off the global payments messaging system Swift [1].
2. Business interruption
3. Pandemic outbreak
4. New technologies
With the widespread rollout of new technologies, we are seeing increased reliance on cloud providers, data aggregators, APIs (application programming interfaces), and other intermediaries. These are all part of the new interconnected world and depend upon critical infrastructure. If a cloud provider goes down, the knock-on effects on an organization’s supply chain can be considerable – the failure of automated systems that rely on shared data could result in lost orders, non-delivery of goods and services, and delays to back-office functions. A global outage at Facebook in October 2021 is thought to have cost the company $100m [2] in lost revenue.
With technology advancing so rapidly, we must be mindful of its potential impacts on our society and environment. Everybody is talking about 5G, which on paper will greatly benefit society – people will be able to access more data faster and, in the long run, more cheaply. But in January 2022, the rollout of 5G mobile phone services near airports in the USA was postponed because airlines had concerns about its potential interference with aviation systems. As with any new technology, we need to be aware of associated health risks and unintended consequences.
Digital currencies and payments are also innovations we’re watching with interest, although the infrastructure is not yet available to handle them by default, and regulation is likely to create barriers to wider adoption. Digital currencies are emerging as a new asset class, but there is uncertainty around potential asset bubbles and concerns about money laundering, ransomware attacks, third party liabilities and ESG issues [3].
5. Changes in legislation and regulation
Regulatory changes often lag behind technological advances, which can inhibit the adoption of innovations. They can also affect a company’s bottom line as they require new ways of working and incur fines and penalties for businesses that do not comply.
Changes in legislation are being driven by a combination of factors, including advancing technology and high-profile cyber incidents. Data security and privacy laws are top concerns in tech with a number of companies receiving significant fines for falling foul of the General Data Protection Regulation (GDPR). At the same time, society is changing. As investor activism exerts pressures and a younger generation make their voices heard about ESG concerns, companies must evolve or face more shareholder and class actions around areas such as climate change, diversity, and executive pay. Interestingly, Allianz Risk Barometer respondents cited cyber security resilience as their main ESG priority – increasingly, cyber security considerations are incorporated into the ESG risk-analysis frameworks of data providers, who look into companies’ data protection and information security practices to evaluate their preparedness for cybercrime. This will be a major consideration for companies in years to come.
6. Natural catastrophes
7. Shortage of skilled workforce
Access to talent is challenging the tech sector, as well as many other industries, and there is an ongoing need to upskill working populations and reduce barriers to entry for skilled workers from overseas. The older generation is retiring and we do not have enough talent in the pipeline so a number of organizations are aggressively recruiting. Amazon recently more than doubled its maximum base salary for tech and corporate workers, citing a competitive labor market. Higher salaries like this in the US will make it harder for tech companies around the world to compete, so we will need more global mobility in the workforce.
Corporates also face competition from start-ups, which attract a younger generation with a different kind of package – the promise of equity and a flexible working culture. On a more optimistic note, we see a number of universities and colleges developing IT security programs that should swell the ranks of talented graduates in the next few years. With so many new technologies on the horizon, from cryptocurrencies to the metaverse, we need bright enquiring minds to help us create the solutions of the future.
Risk mitigation: how to future-proof your operations
What these seven trends reveal is the extent to which risks are interrelated and aggregated in the networked world we live and work in. Faced with loss scenarios that can fall like dominoes, businesses need robust, resilient operational processes to safeguard their supply chains and ensure business continuity.
Business continuity planning (BCP) reviews are essential and must be regularly updated. Cyber protection should include regular backups, segmentation of data, the right end-point detection and multi-factor authentication. Data is paramount. Insurers such as AGCS can leverage your company data to facilitate a tailored risk assessment and help draw up a personalized mitigation strategy.
Cyber risk management for the cloud
References
[1] FT, Banks on Alert for Russian Reprisal Cyber Attacks on Swift, March 15, 2022
[2] The Times, What Caused The Facebook Outage and How Much Did It Cost Mark Zuckerberg’s Company? October 6, 2021
[3] AGCS, Financial Services Risk: Unintended Consequences Of Innovation And New Technologies, May 2021
Pictures: Adobe Stock, Shutterstock
Growing interest in ART solutions
AGCS offers a number of traditional insurance solutions for the tech and telecoms sectors, with particular focus on hardware manufacturing, software and IT services, telecom network operations, and the semiconductor and hi-tech sub-sectors. These traditional solutions include Liability, Property, and Financial Lines cover.
However, tech and telecoms businesses often have strong risk management procedures and access to a lot of data, which is driving growing interest in Alternative Risk Transfer (ART) solutions. This is especially true if risk managers have a non-traditional exposure and believe their current risk profile has not been fairly considered in the current market environment. These companies are interested in exploring alternative insurance vehicles, like captives or the capital markets. An ART solution, such as a multi-year and multi-line program, could help them reduce volatility over the long term. For example, this could be for a company that wants to organize cover for any potential liabilities for its directors and officers in their official capacities.
Larger tech companies can share relevant data with the ART team at AGCS, allowing them to synthesize this information and provide a bespoke solution. ART experts can also provide tailored support with captives and fronting. Depending on your jurisdiction, captives may not be licensed to issue policies internationally, so AGCS can call upon its ART team to provide expertise in these transactions.