Cyber attacks, increased competition and economic conditions were the top three concerns for risk managers responding to this year’s StrategicRISK Australia Risk Management Survey. Cyber rose three places, pushing failure to innovate into fourth position.

Political risk dropped down the agenda after rising sharply a year ago. Like cyber, tightening regulation and failure of critical IT systems were steep climbers. The survey, which took place in July and August 2017, gathered responses from 67 corporate risk professionals across Australasia.

Many of the risks on Australasian risk professionals’ radar are non-traditional. Physical and professional liability concerns such as natural catastrophes, injury to workers, fire or damage to property and contractual risk featured lower in the ranking compared to more strategic risks. These include economic conditions, failure to innovate and increased competition.

“Companies can take years to recover from an event - one needs only to look at Christchurch”

However, with losses from Cyclone Debbie approaching A$1.4 billion, it is clear natural disasters remain on risk managers’ radar at home and abroad. Natural catastrophe rose one position to 10th in the overall ranking and was fifth from a financial

loss perspective. As manufacturers shift their focus from China to other low-cost Asian countries, the risk of supply chain disruption arising from natural catastrophes also needs to be managed.

“Losses related to business interruption and supply chain typically account for 55% to 75% of insured property catastrophe losses, being a sum of more than $30bn annually,” says Kevin Bates, group head of risk and insurance at Lendlease.

“Given that companies can take years to fully recover from the knock-on effect of such an event, it is unsurprising that this remains an enormous concern around the globe. One needs only to look at Christchurch, which is still in the process of recovering from the 2011 earthquake, to appreciate the impact right on our doorstep.”

DISRUPT OR BE DISRUPTED
It is clear that in an increasingly competitive environment, the ability to adapt, invest in new technologies and leverage data is critical. Innovation remains a double-edged sword, depending on whether an organisation can leverage new methods of production or distribution to their advantage. The risk is that organisations that fail to adapt their business models quickly enough cannot compete effectively.

“The business environment is changing rapidly, so management needs to be strategic in their approach to risk management,” says Noel Condon, chief executive at AIG Australia. “This is likely to be reflected in their concern for economic conditions and failure to innovate.

“Brands such as Uber and Airbnb have disrupted the taxi and hotel industries, but other industries are not immune. Similarly, automation is likely to touch all industries and businesses need to be prepared

for how they will be affected. Failure to innovate is a real concern and companies need to be strategic in their response, as it is one problem for which there is unlikely to be an insurance solution.”

AVOIDING A CRISIS
Robin Johnson, country head at XL Catlin Australia, is not surprised that more esoteric concerns, such as cyber and damage to company reputation and brand, remain high on the risk agenda. “Companies are more reliant on connected technology and their various digital platforms, which means they are in turn more exposed to cyber risks and operational IT risks,” he says. “Recent high-profile cyber incidents have increased interest in risk transfer solutions. Added to that, Australia’s new laws on data breaches mean companies are taking their exposure seriously.”

Badly handled cyber attacks and poor examples of crisis management – United Airlines being perhaps the most notorious – are among the incidents that have dented reputations and hit some share prices in 2017. As Warren Buffett once noted: “It takes 20 years to build a reputation and five minutes to ruin it.”

Deborah D’Souza, manager of group insurance and risk management at Commonwealth Bank of Australia, says it has taken steps to reduce the potential for reputational risk. “There has been a big focus on organisational culture to address past issues arising from the advice and life insurance businesses,” she says. The bank has transferred some of that risk via cyber insurance, using bespoke wording that is updated as the risk landscape shifts.

Recent high-profile cyber incidents have increased interest in risk transfer solutions

THE COMPLIANCE BURDEN
Tightening and changing regulation was this year’s biggest climber, rising five places to rank as the fifth-biggest concern. With new regulatory frameworks coming into force, a rise in penalties (including the EU’s record $2.7bn antitrust fine against Google) and cross-border co-operation between supervisors, risk managers are clearly feeling the burden.

Rolls-Royce’s £671m fine, paid to US, UK and Brazilian authorities to settle past cases of bribery, is likely to have an impact on perceptions of regulatory risk around the globe. The tougher stance on bribery and corruption and increasingly stringent requirements around data protection are indicative of the less forgiving regulatory environment.

However, as is the nature with risk, there is an opportunity to transform regulation into a source of competitive advantage for organisations ahead of the compliance curve. The challenge in an increasingly complex world, according to Anton Francis, head of enterprise risk and compliance at Vodafone Australia, is to measure and manage these strategic risks, particularly as they evolve.

“We are always more comfortable with dealing with risks that we can mathematically measure, quantify and develop clear action plans around,”

he says. “However, the top five risks cannot simply be represented mathematically. There are too many variables, combinations and/or the rate of technology/regulatory changes make these risks far more unpredictable. The positive is that we are moving (albeit slowly in my opinion) towards a more holistic view on risks (i.e. both qualitative and quantitative) – which is a good thing.”

While not as high in the ranking as it was a year ago, political risk is more of a concern than it was in 2015. With a war of words between the US and North Korea, uncertainty over the UK’s exit from the EU and crises in many parts of the world, including Venezuela and Yemen, there is a feeling the world is a less stable place. “Following Brexit and the election of Donald Trump, I think individuals and organisations are far more conscious and focused about things that historically may have had a lower probability of occurring,” says Francis.

But AIG’s Condon does not think survey respondents placed adequate weight this year on the disruptions that could potentially arise: “Political risk is often only considered as a developing country exposure, and the survey shows that this is less of a concern year on year. Yet we’re seeing increasing political risk in developed world economies. Brexit is an obvious case, but also here in Australia we have government intervention in a number of industries.”

Johnson says XL Catlin has seen increased demand for political risk and crisis management policies on a global basis. “I believe this is because of the changing political landscape in various countries around the globe and recent attacks in Europe. For companies trading overseas, political risk insurance is very much a necessity, but it requires a long-term approach and goes well beyond the political climate in a handful of countries at a given time.”

Figure 3: Australia’s top risks by ranking 2015 - 2017
Methodology
To identify the risks of highest concern (that is, those most likely to occur and with the highest financial impact), a combined average score was calculated for both likelihood and financial impact for each risk and ranked in order of size. The higher the score, the more likely a risk is to occur and have a high financial impact.