The business climate in 2021 has experienced a perfect storm: Business models are being reshaped, while organisations across the globe are responding to and, at the same time, recovering from the once-in-a-lifetime set of challenges posed by the COVID-19 pandemic.
There are also exposures that are still relatively new for many businesses. Companies’ understanding of, readiness for and ability to manage and transfer risks such as climate-change risk, supply-chain /distribution risk and ESG-related risk leaves much room for improvement.
What our research shows is that a failure – or unwillingness – to prepare can be catastrophic to an organisation’s reputation and survival. The pandemic is a stark reminder that it is not enough to focus on a specific event or exposure, but of the impact events can carry in a globally connected marketplace.
The latest survey has also highlighted the growing interconnectivity of risks, with cyber-attacks, damage to brand, and failure to innovate and meet customer demand identified as the top three risks facing Australian businesses in 2021.
Key findings – top 10 risks identified in Australia
The top risk in Australia: Cyber attacks and data breaches
COVID-19 ushered in a substantial shift in the pace of business, and in turn exponentially intensified cyber risk.
It is notable that the sharp move of cyber from the fifth position to first in the course of two years speaks to the pervasiveness of the risk.
In fact, cyber security is perceived as a top 10 risk by every surveyed sector and for all job roles, including CFOs, CEOs and chief people officers.
Ransomware exploded in 2020, and we have seen hundreds of Australian businesses of all sizes and in all industries impacted by extortion attempts of various levels of sophistication with ransoms ranging from the thousands to the millions.
In Australia in the future, it is predicted we will continue to see ransomware, supply chain risk, business email compromise and attacks against operational technology as the primary cyber threats to Australian businesses.
Australian organisations have become acutely aware of the severity of these attacks as we’ve seen businesses brought to their knees overnight with some never to recover. Failure to appropriately assess, quantify and transfer your cyber risk is also the root cause of many of the other risks ranked in the top five – notably, brand and reputation, business interruption, legislative changes to name a few.
We encourage businesses to be prepared with robust controls, well prepared incident response processes and tested business continuity management and disaster recovery plans.
Damage to reputation and brand still a key issue
In Aon’s 2019 survey, Australian businesses rated damage to reputation and brand as their number one risk, and in 2021 it again featured high on the list at number two. While it has ranked consistently in the top five globally, it has remained in the top three in Australia for several years.
Australian businesses recognise that reputational crises can have a substantial impact on a company’s future. In 2021 and beyond, the continuing impact of COVID-19 and then on businesses’ responses to the changing economy, the prevalence of social media threats and the 24/7 news cycle has the potential to create rapid impacts which can have an immediate and lasting impact on an organisation’s shareholder value and reputation.
The drive to innovate and meet customer demands
While COVID-19 has caused devastating disruptions to the global economy, decimating many famous brands, it is also forcing companies across different industries to innovate and reinvent themselves. Businesses have found new ways to sell, service and operate during the crisis.
The challenge is this: How can these innovations bring systematic growth after the pandemic abates?
The COVID-19 crisis has taught us that it is important for organisations and leaders to become more comfortable with uncertainty and ambiguity, which are fundamental parts of the innovation process. Failure to innovate is a commercial risk that can also be directly impacted by impaired resilience and a failure to manage volatility. It highlights the importance of a comprehensive and forward-looking approach to enterprise risk management.