The recently released Allianz Risk Barometer ranked the top business risks for 2018, based on the views of more than 1,900 risk management experts globally. Here, we look at the top three identified business risks for Australia and discuss how they can be effectively managed.

#1 Cyber incidents

It will come as no surprise that, in Australia, cyber risk is the top ranked risk and, globally, this is seen as the second biggest risk for companies.

Although the most publicised cyber incidents tend to involve the theft of personal data that hackers may then seek to sell (think of the theft of the data of 143 million consumers from Equifax) or publish (think of Ashley Madison's breach, where the data of 37 million users was stolen), cyber risk covers a broad range of activities other than data theft, including broader cyber crimes, data loss from employee error and system malfunctions. As an example of the other types of risk covered, Reuters reported the first safety system breach by hackers at an industrial plant in December 2017. Although few details are publicly available, it is reported that malware was used to take remote control of a workstation running the relevant safety shutdown systemi. If that was not enough, in January 2018, vulnerabilities in Intel chips were discovered which allow the theft of data. Unfortunately, given that these vulnerabilities impact a broad range of hardware and software, it has been difficult to release patches that will provide protection from hackers seeking to exploit these vulnerabilities in all cases.

Although it may not be possible to eliminate cyber risks entirely, it is possible to take steps to minimise these. Companies should consider an overarching cyber management strategy, covering not only the implementation of IT protections, but also broader policies and procedures (including employee training), cyber insurance and protections in contractual arrangements. If an incident does occur, a well tested incident response plan is critical – given many companies suffer significant reputational damage if a cyber breach is not appropriately handled. For more information on the steps you may take, see here.

Footnote

i https://www.reuters.com/article/us-cyber-infrastructure-attack/hackers-halt-plant-operations-in-watershed-cyber-attack-idUSKBN1E8271

This publication does not deal with every important topic or change in law and is not intended to be relied upon as a substitute for legal or other advice that may be relevant to the reader's specific circumstances. If you have found this publication of interest and would like to know more or wish to obtain legal advice relevant to your circumstances please contact one of the named individuals listed.