Cyber risks as biggest liability risk for managers
When it comes to the biggest liability risks for executives, cyber extortion, cyber attacks and data loss are cited first. WTW's Directors' and Officers' Liability Survey shows that climate change, corruption, pollution and regulation are also threats to executives.
Managers in Germany, Austria and Switzerland (DACH) perceive cyber risks as the most significant liability risks. This is the result of the annual "Directors' and Officers' (D&O) Liability Survey" conducted by the management consultancy WTW and the international law firm Clyde & Co, for which 610 board members, managing directors and risk managers from 40 countries were asked about their greatest liability risks.
Cyber extortion as top liability risk
The top 3 positions in the DACH region are occupied by cyber extortion, cyber attacks and data loss (Fig. 1). This is in line with the managers' global assessment. "We clearly see the uncertainties and high volatilities that companies are currently facing. They are surrounded by ongoing crises and at the same time have to maintain their business operations. "Risk management therefore takes on even more strategic relevance and is particularly supportive of companies at this time," says Kilian R. Manz, Head of Corporate Risk & Broking Switzerland at WTW in Switzerland.
# |
| DACH region | Worldwide |
1 | Cyber extortion | 67% | 57% |
2 | Cyber attacks | 67% | 62% |
3 | Data loss | 52% | 62% |
4 | Climate change | 52% | 42% |
5 | Bribery and corruption | 45% | 47% |
6 | Pollution | 45% | 37% |
7 | Antitrust law/guidelines | 42% | 37% |
Fig. 1: How significant are the following risks for your organization's managers? (Percentage of respondents who answered "very" or "extremely significant").
Cyber and economic risks threaten business activity
Asked about the biggest risks to their overall business, DACH managers also rate cyber dangers as the biggest liability risk: 67 percent of respondents see them as a threat to their business. This is followed by economic risks such as the tight labor market as well as inflation and recession (64 percent), on a par with regulatory hurdles (see Fig. 2 in the box).
In contrast, economic risks dominate the global responses. "Within these risks, companies worldwide feel most threatened by inflation, recession and a shortage of skilled workers," says Manz. The labor market risk, i.e. the difficulty of recruiting and retaining workers, is put at 74 percent in the DACH region.
Cyber: Risk from extortion increases
Threats from cyber attacks and data loss have been increasing in relevance for years and have found themselves in the list of top risks for managers since 2018 - regardless of company size. Since 2022, cyber extortion has increasingly come to the attention of managers. "Cyber extortion demands can be significant depending on sensitivity and data category, which is why attackers focus on appropriately attractive targets," said Leotrim Jasiqi, Head of FINEX Switzerland at WTW. "The criminals' technological edge provides changing dynamics of risk. Accordingly, risk management must be continuously reviewed and adjusted if necessary. While liability risk is covered by well-designed and aligned cyber and D&O policies - insurers may limit this coverage if companies cannot demonstrate appropriate IT security measures."
Climate liability risk: significance lower than expected
Climate change and environmental pollution as D&O liability risks are ranked slightly higher in DACH than worldwide - but for almost half of the managers surveyed, they play a minor role. Only for managers of organizations with revenues of five billion dollars or more does climate change rank among the top seven risks. "Depending on the size of the company, the assessment of critical, serious threats changes," Jasiqi said. "Large, publicly traded corporations have certain disclosure requirements that can increase the risk of an ESG-related lawsuit. For the smaller companies, the risk of insolvency is much more present. Claims related to insolvency present an increased D&O risk." The D&O Survey bears this out, with 51 percent of firms with less than $50 million in revenue rating the risk of insolvency or financial distress as very or extremely significant.
Jasiqi continues: "There are always examples of companies that have not been able to recover from a cyber attack. This tendency is not (yet) apparent with ESG risks. Nevertheless, it can be said that the larger the company, the higher its environmental footprint tends to be. International orientation can also be critical in assessing social and regulatory responsibility. "
"Data-based fundamentals support making time-relevant decisions and defining standards. This is all the more important as we must expect liability risks to increase further in the future," says Manz. "Cyber risk is almost unmanageable for many market participants and can only be limited by stronger security measures. Against this backdrop in particular, companies should resolutely put the hedging of these liability risks to the test as part of their risk management process."
Source: WTW
Overviews of other risks
Risks for business operations
DACH region
Total
Cyber Risks
67%
62%
Regulatory/legislative changes
64%
61%
Economic risks
64%
63%
Climate change
50%
39%
Covid-19 and lockdown measures
48%
42%
Technological advances
(artificial intelligence and machine learning)
48%
42%
Geopolitical risks
42%
46%
Diversity, equality and inclusion
18%
31%
Brexit
0%
11%
Fig. 2: Which risks pose the greatest threat to your company's business operations? (Percentage of respondents who answered "very" or "extremely significant").
