In an uncertain world, insurance is taking centre stage. Fire and flood have become “hygiene” factors, in a landscape of much broader, interconnected risk. It begs the question: should you be appointing your risk manager to your board?
Aviva’s recent Risk Insights Report explores how businesses perceive the key risks in 2021. Against the backdrop of Brexit, COVID-19 has accelerated digital adoption, remote working and supply chain reassessments all in a single year. This interconnectedness of risks makes scenario planning even more difficult, and even more essential.
What are the top 5 risks facing businesses today?
Unsurprisingly, the Aviva report names public health events as the single biggest risk to businesses of all sizes. The twin concerns of the pandemic and Brexit have driven concerns about changes in legislation and regulations, in addition to the economy and market developments:
- Public health events 46%
- Changes in legislation and regulations 35%
- Business and supply chain interruption 32%
- Loss of reputation and brand value 29%
- Cyber security and cyber incidents 27%
1. Public health events
COVID-19 has been so disruptive that it was named as one of the top two risks by business leaders from almost every industry – with the technology sector the only outlier (its top risks, according to 44% of its leaders, are cyber security and technological disruption).
The risks businesses face are inter-connected: for example, employees working from home presents risks to operations, IT security and employee health and wellbeing. This isn’t a new trend – but the pressures of COVID-19 have brought this to light. As businesses continue to focus on the ongoing impacts of COVID-19 focus on “traditional risks” has reduced, with only 11% and 5% of business leaders ranking climate change including extreme weather events and fire as key risks to their business.
2. Changes in legislation and regulations including Brexit
The Aviva report shows Brexit is a live issue: most are economically slightly worse off, though the UK is likely to perform strongly against its peers in the EU this year and is exceptionally resilient (with the success of the vaccination programme and genuine signs of recovery). Businesses are concerned about friction in trade and international transactions, red tape and bureaucracy, issues with supply chains and disruption of logistics.
UK businesses’ overall outlook towards Brexit was pessimistic. Four in ten said that Brexit has already had a negative impact on their business, and half think that the UK’s business environment will worsen as a direct result of the Brexit deal. Not only will trade with the EU be affected, but changes in leadership in the United States following the election of President Biden create additional uncertainty around the future of trans- Atlantic trade. Some overseas trading opportunities may be impacted in the short term by supply chain issues.
Post-Brexit immigration may impact the availability of skilled workforce, which is particularly concerning when 17% of businesses already highlighted a shortage of skilled workers as a top five risk. Similarly, there’s uncertainty in employment with the government’s proposed new Employment Bill in 2021 to replace legislation formed while the UK was part of the EU.
Supply chains that previously relied on the free movement of goods and services across the EU have had to be reviewed and revised. Three in ten (31%) businesses said they were actively looking to source from more local or British suppliers to help ensure greater transparency and control, especially as consumer attention on a business’s supply chain has heightened.
While many businesses have made changes to adapt to the post-Brexit environment, one in four SMEs had not made a material change to at least one sum insured in more than four years, raising questions over the adequacy of their financial protection.
The government‘s ‘Green Industrial Revolution’ plan could bring opportunities for UK-wide investment and green jobs. Business leaders will need to commit to operating in greener and more sustainable ways, as the UK works towards hosting COP26 in Glasgow in November and the target of reaching net-zero carbon emissions by 2050. Clear Environmental, Social and Governance (ESG) targets and measures will be expected, as the UK government shapes policies and regulations that fuel demand for low-carbon solutions and encourage sustainable private sector investment decisions.
Beyond the immediate issues of COVID-19 and Brexit, the UK is also facing a renewed surge in support for independence or reunification from some of its constituent nations.
3. Business and supply chain interruption
Who could have predicted a giant cargo ship in their disaster planning for 2021? In a world where a single ship accident can disrupt global trade, it’s time to get back to the neglected discipline of scenario planning. Businesses are reviewing their reliance on global supply chains and starting to look to domestic solutions.
Traditionally, the most common causes of business interruption claims have been risks like fire and weather-related events at the business premises or those of a supplier or customer. However, business interruption risk is being re-framed by technology changes and emerging trends such as political events, climate change and cyber-attacks.
To safe guard a business’s balance sheet, scenario planning needs to reflect changes in its business models and operations as well as emerging risks:
- Political: recent protests in France, Chile, Hong Kong and the USA have highlighted the increasing political risks facing businesses supply chains.
- Climate change: the severity and frequency of global weather events is increasing, including. the number of hurricanes recorded in the Atlantic and wildfires in California. These events can impact the availability of raw materials, equipment and machinery, and disrupt entire supply chains.
- Cyber business interruption: a growing concern as cyber-attacks increase in frequency and severity across the UK market. A cyber incident which locks down the whole IT estate of a business can have the same impact as a catastrophic fire. Traditional property or crime insurance does not cover cyber losses, and with increased dependency on technology and the growth in threats, cyber business interruption insurance and continuity planning are crucial, along with a regular review of supply chains to spot – and mitigate – any weak points.
Many business leaders are already responding proactively to these emerging supply chain risks, including reducing the length of their supply chains. This also links with the ESG agenda, with nearly half (49%) of businesses now believing that responsible sourcing is important or extremely important for their business.
4. Loss of reputation and brand value
Reputational risk is a key factor in cyber risk (a breach of customer data can really take the shine off), and with global communication in social media, a mis-step can quickly become very public.
Nearly one third of business leaders named damage to their brand’s reputation as one of their top five risk exposures – with one in three citing cyber-attacks as a key threat to their reputation. The report also highlights the reputational risk around how companies acquire, use and store data, and the importance of maintaining customers’ trust.
5. Cyber security and cyber incidents
98% of businesses rely on some form of digital communication or solution such as cloud storage, email, online banking or digital supply chains – all potential avenues for cyber criminals to exploit. Most criminal activity isn’t specifically targeted, with tools often used to search the internet for system vulnerability. This means any business, small or large, can be targeted – and more than once.
Cyber criminals have looked to exploit weakness in stretched IT security systems through targeted phishing emails and ransomware attacks, which threaten to destroy or publish a victim’s data unless a fee is paid.
With entire business models moving online, digital customer journeys and cyber and phishing attacks spiralling. it’s estimated that 70-90% of business should have cyber insurance. But understanding how cyber insurance works is important – as are cyber security and phishing prevention measures.
Cyber is in no small way a people issue; education and awareness of cyber security are key, and businesses are nominating cyber security guardians within teams. But cyber risk is not just a work topic – we need to be conscious everywhere in our lives.
Creating a cyber security culture is important: 88% of cyber breaches in the UK can be attributed to human error or negligent employees. Most businesses and employees will know what to do if they discover a fire, but would they know what to do if their network was down due to a ransomware attack? As well as protecting against the financial impact of cyber threats, insurance should provide access to a range of experts in order to reduce the damaging impact of the event and help the business bounce back.
Other risks highlighted in the report include macroeconomic developments, the health and wellbeing of employees, a shortage of skilled workforce, market developments and new and changing technology.
Only time will tell the impact of macroeconomic factors related to the large-scale shutdowns – the recession, interest rates, government interventions; and of the more open attitude to free trade of the Biden administration.
The pandemic has fore fronted employees as a key asset – one that performance and profits are dependent on. Just under a fifth (19%) of the business leaders surveyed said their employees’ health and wellbeing is one of their five biggest risks; with the added pressures of “living at work” rather than working from home, we are still responsible for our people’s wellbeing. This starts with workplace culture; a culture of openness and psychologically safe place for issues and concerns are crucial, along with giving staff agency in how they manage what they need to do for their own wellbeing. As things open up, staff may feel apprehensive, anxious, stressed; it’s important to keep talking to them, and remember to protect yourself as an employer. Aviva’s library of Loss Prevention Standards may be a useful resource as you bring employees back in.
The shortage of skilled workforce is likely to persist post-Brexit, with concerns around a lower level of skilled labour immigration, alongside a rising rate of retirement. Increased digital growth and technology adoption is driving demand for skilled workers that can move with the times. Businesses in the UK are having to balance the recruitment of fully skilled employees with adopting lifelong learning, upskilling and retraining programmes to improve the skills of existing employees.
Environmental, Social and Governance (ESG) factors
The pandemic has caused governance challenges for companies and countries alike, and 2020 can be seen as a giant ESG stress-test for the global economy. 68% of businesses said they consider ethical corporate governance factors important, with corporates citing reputational damage and liability as their biggest ESG-related exposures.
Decarbonising road transport is a key goal for the UK government, which presents both opportunities and risks for industry in the extensive electrification of transport (including heavy goods) and heating, the rollout of the hydrogen economy and the development of carbon capture and storage.
Nearly half (48%) of business leaders told us that responsible sourcing is important or extremely important to their business, and one third (34%) of businesses with a motor fleet were considering upgrading it to be greener. But integrating electric vehicles into fleets may impact on the claims supply chain, leading to higher repair costs and hire charges for replacement vehicles. This may have wider knock-on effects on insurance rates.
2020 put risk management and business planning to the test like no other year in recent memory. COVID-19 has caused 55% of businesses to take a fresh look at their risk management practices and make changes. We have seen that the worst can happen – and learned the importance of being well prepared.
A significant number of businesses are looking to take less risk, with a quarter (26%) looking to increase their insurance cover as a result. 83% of businesses expect their risk management focus to either increase or remain the same as they recognise the importance of robust risk management strategies.
However, over half (53%) of business leaders reported they don’t usually undertake regular health and safety risk assessments, and just under three in ten (28%) business leaders said they usually test their business continuity plans.
Every business benefits from a business continuity plan: a clear set of steps to deal with incidents effectively so they can recover, resume and restore their business quickly after an incident. Free help and support for creating a business continuity plan can be found on the Aviva Risk Management Solutions website.
While large corporates have the resources (and indeed the pressure) to protect their assets, implement good governance and invest in dedicated risk management teams, SMEs may not have scope for dedicated risk management roles, making it hard to be proactive. Given the increasing complexity of risks, it makes sense for businesses to leverage the ready resource in their trusted risk advisers, drawing on the deep expertise and cross-industry perspective of both insurer and broker to help them address their unique risks.
Where does insurance fit in?
While businesses naturally want to increase their insurance cover to reduce risk, it’s not just a question of throwing money at the problem; you need the “right insurance”. That may mean more cover, or just different cover to reflect your changing business model. Some business models have changed fundamentally – so it’s critical to engage with your insurance adviser in advance and allow extra time for this at renewal.
As your risks change, so your insurance needs to respond: you may need less cover for property risk and more for cyber risk. People are now more aware about insurance; that just buying a policy doesn’t mean you’re automatically covered for everything. It’s critical to engage with what you’re actually buying and how it works. We’ve all learned lessons from Covid, and insurers are working to provide clear policy wordings.
There is no question that the COVID-19 pandemic will change the way companies operate forever. Businesses across the world are reprioritising risk, broadening their perspective to evaluate major shocks (not just anticipated losses), and elevating risk managers to an enterprise-level strategic role. “Resilience” is being redefined, and companies’ approach to risk will be fundamental to their success. Aviva’s own recommendations to insurance buyers are:
- Read your policy
- Engage with your insurance adviser
- Ask questions: there’s no such thing as a silly question