Mitigation Actions for Top 10 Risks
This year, we provide our first year-over-year comparison of mitigation actions for the top 10 risks; we first explored this topic in 2019. Not surprisingly, COVID-19 caused many companies to double down on elements of their risk mitigation plans in 2020, not just for the pandemic but also for related risks, including cyber risk, business interruption, economic slowdown, and supply chain risk.
Mitigation Actions for Top 10 Global Risks
Elsewhere in our survey, risk readiness generally improved greatly for the top 10 risks. Irrespective of region, size or industry, companies lag in risk quantification activities, an admittedly challenging task for some types of risk (for example, reputational risk), but an important one nonetheless. Companies continue to be behind the curve with quantification, yet efforts to prioritize management actions and set insurance limits without risk quantification are little more than guesswork. As new, emerging and accelerating risks continue to rise in prominence, we see more companies looking to develop scenario-based quantification, often using alternative data sets as the basis of their efforts.
Some variation in the adoption of mitigants likely reflects companies’ more limited resources; they are prioritizing control measures that will deliver the best returns, but this approach obviously comes with its own risks.
Cyber risk is the focus of considerable attention in 2021. High-profile data breaches and ransomware attacks reflect a growing threat landscape. What’s more, digitalization accelerated by remote work in the “new normal” and a notably hardening insurance market have exacerbated concerns about cyber risk. A relatively high percentage of respondents say their companies have taken one or more actions to mitigate cyber risk because of heightened concerns. This is helped by ever-improving cyber-loss data sets and risk intelligence to guide them to the right decisions. In 2019, 55 percent of respondents said they had developed a risk management plan; that figure jumped to 68 percent in 2021. Sixty-five percent say they have assessed this risk, up from 64 percent in 2019, and 60 percent have developed continuity plans, up from 49 percent in 2019, possibly reflecting the growing interest in cyber continuity shown by cyber underwriters. Investment in risk mitigation is the highest for cyber risk, yet respondents still rate it the most significant risk, an indication of the scale of the issue in the eyes of respondents.
Twenty-seven percent of respondents assessed the risk of economic slowdown in 2021, up from 16 percent in 2019. Since the last survey, COVID-19 is estimated to have triggered a global loss in GDP of 4.5 percent, amounting to almost $4 trillion of lost economic output. Despite signs of recovery, ongoing economic and fiscal uncertainty calls for companies to address this risk from a corporate strategy and risk appetite perspective.
Business interruption is an insurable risk. Given the changes in operating environment and financial performance of many companies, it is somewhat surprising that just 36 percent of respondents said they have evaluated relevant risk or finance transfer solutions (ERFTS), compared with over 50 percent that assessed this risk, developed a risk management plan or developed continuity plans. This finding suggests that companies need to be more adept at reviewing ongoing coverage to ensure it is optimal. The fact that only three of the top 10 risks have over 20 percent of respondents turning to ERFTS as a mitigant reminds us that the insurance industry needs to be more proactive in order to maintain its’ relevance as a hedge for companies’ most significant risk exposures.
Because reputational risk has been seen as difficult to quantify, the percentage taking action to mitigate it remains low. However, recent research commissioned by Aon and conducted by Pentland Analytics shows that the financial impact from negative reputational risk events has never been higher. Risk professionals must continue to focus on reputation exposure in their enterprise risk assessments while demanding more relevant insurance coverage from the market. In 2019 and again in 2021, 28 percent of respondents said they had assessed risk from increasing competition, but considerably fewer have acted in the remaining four mitigation areas. In light of post-pandemic reshaping of many business models, coupled with a rise in new market entrants, the need to intensify focus on competition risk as a strategic exposure remains of the upmost importance.
Mitigation Actions for Top 10 Risks by Region
Mitigation Actions for Top 10 Risks by Revenue (in $)
As the table above shows, companies take actions such as quantifying risks and evaluating risk financing for some new and emerging risks regardless of size. For example, 33 percent of companies with revenues in excess of $25 billion quantify risk, compared with 36 percent of companies with revenues of $1 billion to $5 billion. With respect to developing risk management plans, 42 percent of respondents in Europe, the Middle East and Africa have developed a plan for key risks, a 16 percent jump from 2019. At the same time, the Asia Pacific region saw a 12 percent year-over-year jump to 40 percent. This underscores the pandemic’s impact on business and the need to bolster resilience.