Cyber remains a leading risk for Asia

Asia, like the rest of the world, has faced significant challenges over the past couple of years. At the initial epicentre of the Covid-19 pandemic, Asian organisations continue to grapple with the virus more than two years on, while dealing with a host of other unique risk factors across the continent 

Aon’s 2021 Global Risk Management Survey provided a snapshot of the biggest risk factors in Asia over the past 12 months.

The broking and advisory group’s survey found that business interruption, an economic slowdown, and the ever-present threat of cyber attacks were the top three risks for risk professionals.

Aon’s survey also noted pandemic risks, health crises, changing market factors, and increasing competition as prominent issues. Commodity price risk, scarcity of materials, reputational and brand damage, cash flow risk, and supply chain failure were also cited as major causes for concern.

Entering the second quarter of 2022, a number of these factors remain significant challenges for Asian risk professionals. Issues like a supply chain slowdown, amid a worsening Covid situation in China, and subsequent problems across supply chains and manufacturing facilities, loom larger in 2022 than in 2021.

In a bid to untangle supply chain issues, nations including Singapore and New Zealand have begun to strike deals to ease the path for exporters.

Asian corporates with close ties to China are expected to struggle on as several cities in China, including the economic powerhouse of Shanghai, deal with the effects of strict lockdowns.

Asia most attacked region

Health crises remain, and cyber challenges are bigger than ever. Cyber, in particular, remains a significant challenge for corporates across Asia.

According to IBM’s X-Force Threat intelligence team, APAC was the most attacked region by cybercriminals in 2021, accounting for one in four attacks globally. Japan, Australia, and India received the most attacks, ranging from server access hacks to remote access trojans and data theft.

The Pan-Asia Risk and Insurance Management Association (Parima) has cyber firmly at the top of its biggest risks. A member survey, conducted last year and released this year, saw cyber come out on top in every member country apart from Japan and China, both of which selected natural catastrophes.

Risk experts do not expect the cyber threat to dissipate any time soon. As more organisations transition to working from home, introducing flexible working arrangements, companies will become more vulnerable to cyber-attacks. Hackers are on the lookout for weak defences and are ready to exploit them.

Parima general secretary Steve Tunstall, says cyber remains “one of the main two risks in Asia”, “whether it’s cyber health or cyber innovation”.

“Obviously, most organisations’ technology resources have been pushed close to breaking point due to Covid. Everybody talks about having this capability to let people work remotely, and we have now seen it delivered in most organisations. What we haven’t perhaps seen is the downsides of these systems that couldn’t cope, and the resulting data loss and breaches. How that plays out in the long term is anybody’s guess.”

A fragmented regulatory landscape around cyber and data protection could mean we don’t see the true impact of Working From Home (WFH) data breaches for a while yet.

“In Asia, there is now a fairly robust regulatory framework in most jurisdictions around declaring cyber breaches,” Tunstall says. “But I think the actual implementation and enforcement of that is still patchy in many places. “I suspect there are issues under the surface, or issues that haven’t been identified yet,” he adds.

ESG rises up the agenda

According to PARIMA’s Tunstall, who is based in Singapore, the issue of sustainability, and transitioning to carbon net-zero, is also front of mind for Asian risk managers.

While he was “pleased sustainability is getting onto boardroom agendas”, Tunstall says “there’s still a real mix of definitions, interpretation, and understanding”.

“Some organisations are lasered in on climate change, others are still talking in terms of ESG,” he adds. “So we’re seeing quite a mixture in the way this has been interpreted by the community. I think it’s a matter of time until we end up with global standards that people can shoot for.”

“The key thing for me is that it has people’s attention,” Tunstall adds. “It only had the attention of 5% of companies five years ago. Now it’s on the agenda for every company. The question is whether they have the tools, knowledge, and ability to do anything about it.”

“Fundamentally there’s a need for education,” he adds. “There’s been a lack of consistency from political leaders as to how changes will be implemented.”

Kelvin Wu, corporate risk manager for global health and security firm International SOS, also cites sustainability as a major risk factor for the year ahead.

Wu, based in Singapore, says: “We are seeing ESG, and in particular sustainability, as a topic very much at the forefront across the region. Given the broad definition of sustainability and the initial focus of it around energy, the challenges for risk managers are around trying to figure out more specifically what ESG and sustainability means for the organisations they represent.”

According to Wu, governance issues have also arisen around sustainability.

A compliance and reporting minefield

“We are also starting to explore with partners and members the governance responsibilities and risks for board members and directors when it comes to sustainability in the region, which again is a fairly new concept,” he adds.

With sustainability poised to become one of the key issues facing corporate risk managers in Asia, Tunstall believes executives need to closely monitor their operations for sustainability risks.

“The biggest thing is just collecting and managing all of those stakeholders, watching where the potential gaps are going to open up, and making sure the wheels don’t fall off.”

Tunstall says corporates risk overlooking aspects of sustainability compliance due to the vastness of the topic.

“One of the biggest risks is that the baby goes out with the bathwater,” he adds. “We’ve all seen examples of big corporations who focus in one area and take their eye off the ball somewhere else. Then you end up with a massive compliance breach.”

With cyber and sustainability dominating the minds of corporate risk managers across Asia, consistent threats, such as weather, also remain top risk factors in 2022.

According to Wu, the regional insurance sector continues to evolve, with parametric insurance used widely in the recent Typhoon Rai catastrophe in December 2021.

Alongside natural catastrophes, companies continue to worry about supply chain and security issues, and the risk of contagion from Russia’s war on Ukraine.

“The situation in Ukraine is raising the spectre of political/security concerns,” Wu says. “Though for Asia, this is probably filtered through the lens of knock-on supply chain impact for now.”