Adrian Johnson
TLDR:
- Allianz SE’s annual survey on business risk reveals that organizations are most concerned about cyber events in 2024, making it the top risk category for the third consecutive year.
- Specific concerns keeping cyber events as the top risk spot include ransomware attacks, impacts on physical assets and critical infrastructure from hacking, and the size and scope of data breaches.
According to the annual survey conducted by Allianz SE, cyber events continue to be the top risk concern for organizations in 2024. This is the third year in a row that cyber events have been the leading concern, surpassing business interruption and natural catastrophes. The survey includes insights from 3,069 risk management experts across 92 countries and has been conducted for 13 years.
Cyber events remain the top risk category due to multiple reasons, including the strong presence of ransomware attacks, increasing impacts on physical assets and critical infrastructure from hacking, and the severity of data breaches. Cyber events and business interruption have been closely linked as top concerns for over half a decade, but this year’s survey saw cyber events gain more ground as the clear top risk category. It was the top concern in 17 countries, with data breaches being the leading concern within the category.
Ransomware attacks experienced a resurgence in 2023 after a spike during the Covid-19 pandemic seemed to be returning to pre-pandemic levels. Ransomware-as-a-service outfits and the availability of cheap prefabricated kits have contributed to this increase. Additionally, cyber criminals have started using AI-generated tools to improve phishing emails and messages, making scam attempts more credible and sophisticated. The use of deepfake video and audio is also growing as capabilities in these areas improve.
The intermingling of business and personal devices, which began during the pandemic, has also become a trend. Cyber criminals are targeting personal devices as points of entry to business networks, often profiling specific employees via platforms like LinkedIn and deploying custom malware. The cybersecurity workforce gap, which currently stands at around four million people, is also contributing to cyber events as a top risk. Despite a net increase in qualified personnel each year, demand still outpaces supply.
While cyber events rank as the top risk category for all sizes of businesses, it is becoming more acute for small and medium-sized enterprises (SMEs). A growing resilience gap has made smaller businesses more vulnerable to cyber attacks, and limited budgets make it difficult for them to recover. AI automation has made it more profitable for threat actors to target less lucrative targets like SMEs. There is a need for a defense-in-depth approach against cyber events and infrastructure attacks, emphasizing investment in cybersecurity training, education, and AI-driven security solutions.
The annual survey also revealed that natural catastrophes emerged as the third top risk category due to record-setting temperatures and severe thunderstorms. Climate change became a more substantial concern among smaller countries and those with developing or troubled economies.
