Industry Views


Key Issues for the Industry Currently Reflected in the Risk Selection

Technology companies are a key target for cyber criminals with motives of financial gain via theft of confidential information or money. Many are being targeted not just by traditional malicious actors such as hackers and cyber criminals but also by competing companies and nations engaged in corporate espionage. In an increasingly punitive legal and regulatory environment, and with more frequent contractual requirements for cyber liability insurance, forward-thinking companies are taking proactive steps to better understand their exposures. These include actions by employees, system and program errors, security measures, industry, the nature and quantity of data collected, political or strategic significance, and reliance on technology. As well as having well-established and significant intangible risk exposures, technology companies provide products and services that inherently create, amplify and attract cyber risks. The increasing severity of risks and loss events is challenging traditional approaches. With no consistently agreed-on definition, every organization has different exposures and the potential impact is constantly evolving.

This makes it challenging for technology companies to determine what level and extent of risk management they need for cyber risks, in terms of both coverage and mitigation strategies. Many technology companies have broad technology errors and omissions, media liability and professional indemnity policies, but there’s an increasing need for additional insurance covering “first party” or “own costs” risks such as non-damage network or software interruption, notification costs, regulatory costs and consumer redress costs.

Surprises in the Top 10 Risks Selected

The relatively high ranking of increased competition as a risk is a surprise given that most innovations are the byproduct of competition. Innovation can flourish when an incumbent is threatened by a new entrant because the threat of losing users to the competition drives product innovation and improvement. Companies need to stay one step ahead as new start-ups are constantly emerging with better products. Technology remains a rapidly evolving market, and market share isn’t necessarily an accurate indication of market power. The biggest R&D spenders worldwide are large tech companies that continue to compete based on the fear that they will get replaced in the same way they unseated other companies to get where they are now.

A further surprise is that disruptive technologies and distribution or supply chain failure have fallen out of the top 10 risks since our last survey. However, they didn’t fall far enough to suggest that these are still not critical risk issues. This is especially apparent considering that business interruption (tightly correlated with supply chain failure) and increased competition, failure to attract or retain top talent, and failure to innovate (correlated with disruptive technologies) all remain in the top 10 risk factors. Further, the clear impact of the pandemic on all supply chains, including in the technology sector, mute this result.

Most Underrated Risks

Year after year, the risk management community seems to underplay the risk (and opportunity) around intellectual property. To a large extent, this is likely driven by the historical lack of real solutions and related capacity for this asset category. We acknowledge that this point is anecdotal rather than empirical, but this perspective consistently came up in our discussions with academic and practicing risk experts. Yet, this has changed tremendously in the past three years. In fact, the strength of solutions in IP are now one of the fastest growing solutions in the technology industry.

Although identified as an emerging risk, the failure of technology companies to attract and retain top talent is still an underrated risk, particularly as many companies in this sector are seen as digital powerhouses in the growth phase. Talented candidates with exceptional technology experience and skills who can act as “translators” between what the business wants and what technology can actually deliver are receiving multiple offers and can choose among companies vying for their attention. In this competitive market, future innovation and growth opportunities require a clearly defined hiring strategy that addresses culture, opportunities and benefits.

Challenges the Industry Will Face in the Next 3 Years and What Organizations Can Do to Address Them

There’s no shortage of challenges facing the technology sector, and, as the pandemic has shown, tech companies are often called upon to provide immediate solutions. It’s not always about having all the answers; it’s about prioritizing the most pressing issues. Over the next few years companies will have to adapt to customer changes while addressing security and detection response systems and educating their employees about cyber threats. Companies will need to continually spend on innovation to retain a competitive advantage as well as embracing remote methodologies and staff augmentation strategies. These are challenges that also face tech teams today in maintaining a secure, productive work environment. Companies should address regulatory changes along with shareholders’ increasing interest in seeing diversity at the board level and transparent, available policies on ESG and climate change.

How New Challenges Will Require Companies to Change Their Approaches to Risk Management and Mitigation

The global pandemic disrupted every organization, and the implications of its impact are still unfolding. More disruptive change could come from anywhere, with political, economic, social, technological, legal and environmental factors all posing unprecedented challenges. Organizations need to identify the gaps between their current operations and where they want to be in a post-pandemic world, and determine how to achieve that vision. The technology sector typically has extensive information security measures in place, but evaluating the effectiveness of controls on cyber exposure is challenging because it requires both a detailed understanding of the potential business impacts from cyber events and the ability to quantify and mitigate financial exposures.

Current Top 10 Risks

Predicted Future Risks

By 2024

Have a question? Contact us.

Industry Views

Telecom, Media and Entertainment

©2021 Aon plc. All rights reserved | Contact Us | Privacy Policy | Legal