Advice in the age of critical infrastructure blackouts
The three most significant risks facing South African businesses as they enter 2024 have been revealed as critical infrastructure blackouts, cyber incidents and business interruption (BI) with natural catastrophe and energy crisis rounding out the top five. This snapshot of country-specific risks appears in the appendices to the 2024 Allianz Risk Barometer, acknowledged as one of the leading annual publications on the global risk landscape.
A rich tapestry of global, local risks
For 2024, Allianz surveyed 3 069 risk management experts from 92 countries and territories before ‘slicing and dicing’ the data to offer detailed global, regional and country views of risk. The result is a rich tapestry of Top 10 risks with plenty of overlaps to explore. For example, you can compare the South Africa risk landscape just mentioned with that of all respondents based in Africa and Middle East region. The latter region is most concerned about cyber incidents, business interruption (BI) and macroeconomic developments; critical infrastructure blackouts fell to fourth position and changes in legislation and regulation appeared in fifth.
Today’s newsletter will focus on the Top Three domestic risks, fleshed out with some of the insights shared in the 2024 Risk Barometer. FAnews readers will not be surprised to learn that critical infrastructure blackouts, described as power disruptions or age-related infrastructure failures, were also atop South Africa’s risk ranking list in the prior year, though the percentage of respondents concerned over this risk increased from 36% to 40%. Ongoing crises at the state-owned electricity provider, Eskom SOC Limited and Transnet Limited are well-documented, and present massive challenges to local businesses.
Whichever way you unpack the data, 2023 was an annus horribilis for electricity intensive businesses. An article published on IOL.co.za contends that the country suffered 6 700 hours of loadshedding recorded over 335 days, exceeding the cumulative hours from the preceding 15-years. The economic damage is more difficult to quantify, though the writer has seen estimates of a ZAR1.3 trillion ‘hit’ to the 2023 GDP number. And bottlenecks at the country’s main export ports are making things worse. As this newsletter percolates, coal and fruit exporters are struggling to get their production out; and importers cannot get their goods in.
Cyber remains a truly global risk
The cyber incidents category needs little introduction either. It turns out that cybercrime; data breaches; fines and penalties; IT network and service disruptions; malware and ransomware are of concern to risk managers globally, with the category occupying first place in Australia, France, Germany, India, Nigeria, Switzerland and the United States, to name a few. A noteworthy observation is that this risk stood out head-and-shoulders above the sea of other risks, having been picked by 36% of global survey respondents. The second risk was picked by only 31%.
According to the report: “cyber is the cause of business interruption that companies fear most, while cyber security resilience is their most concerning environmental, social and governance (ESG) risk issue”. And cyber incidents were consistently picked by executives and risk managers in a broad range of industries including consumer goods, financial services, government, public services, healthcare, leisure and tourism, media, professional services, technology and telecommunications. You name the industry, cyber is causing leadership and risk management teams sleepless nights.
“It is no surprise that cyber is the top concern for businesses globally,” said Michael Bruch, Global Head of Risk Advisory Services at Allianz Commercial, commenting for the report “Businesses and the wider economy are now reliant on digital services and infrastructure for both critical and everyday activities [and] almost everything is now linked to technology”. Unfortunately, the moment a firm is connected to the internet it opens the doors to hackers and other bad actors to attempt to steal data or threaten disruption for extortion.
Remember that previous Transnet bungle?
Cyber-related business interruption is not new to South African insurers and risk managers. Raise a hand, dear reader, if you recall the July 2021 ransomware attack that affected Transnet’s port operations. As recounted by Wikipedia.org, “the attack caused Transnet to declare force majeure at several key container terminals, including the Port of Durban, Ngqura, Port Elizabeth and Cape Town”. This attack affirms the interconnectedness of risks in the modern environment because business interruption can be caused by cyberattack, or infrastructure failure, or natural catastrophe, or you name it.
The 2024 Risk Barometer concluded that business interruption, including supply chain disruptions, remained a key risk for global businesses, occupying second position on both the South African and global tables. One of the reasons this risk is so prevalent is that firms remain under significant pressure “to build resilience and diversify supply chains in a rapidly changing world”. Since 2020, global businesses have had to figure out how to seamlessly transit their goods and services in the context of the energy crisis and pandemic. These risks have subsided in 2024 but new issues have surfaced to take their place.
“With almost all companies reliant on supply chains for critical products and services, business interruption and supply chain disruption remain at the forefront of risk,” explains Marianna Grammatika, a Head of Risk Consulting at Allianz Commercial: “It is the extent of the [potential] disruption that becomes the focus point”. Her colleague, Alberto Barani, a Business Interruption Group Leader at the firm, observed that “many companies [are] still running with low levels of stock and just-in-time manufacturing, which results in little margin for errors or disruption”.
The 2023-24 ‘rail and port’ snafus
Although we often think about supply chain disruptions in global terms, there are numerous scenarios that arise out of South Africa’s recent rail and port snafus. Imagine, for example, you are installing a solar array in the Northern Cape and a dozen containers containing your panels are held up at Cape Town harbour; or you are a clothing retailer awaiting a major consignment of summer clothes that was scheduled to arrive before New Year but ended in the man-induced doldrums around the Durban port instead; or you are a Chinese importer of steam coal who has just read that coal exports ex-Richards Bay are back to 1990 volumes. Supply chain challenges are interconnected with many of the Top 10 risks, including political risk and violence, which the 2024 Risk Barometer places eighth globally and sixth for South Africa.
Those among you who offer risk mitigation and transfer solutions to large businesses that have high dependencies on single suppliers will have to pay close attention to emerging supply chain risks this year as well as figuring out the potential impact of unrelated risk events on same. Case in point, during the final quarter of 2023, drought contributed to low water levels in the Panama shipping canal, “causing congestion and delays of up to two weeks”.
Geopolitical risks are an issue too as large countries ‘but heads’ over control of critical inputs to semiconductors and other tech items. As Grammatika noted, “producers of rare earth elements are often found in the most underdeveloped and politically volatile areas, as well as being exposed to ESG risks”.
Pointers for brokers and risk managers
Allianz offered a few pointers for insurance brokers and risk managers to prepare their commercial clients for the worst. First and foremost, firms need to “maintain regular audits of systems and test their business continuity plans”. Second, you need to examine the list of suppliers for your manufacturing inputs and / or products and set about identifying alternative suppliers wherever possible. And finally, you must go the extra mile to identify and remediate all supply chain bottlenecks.
This simple advice turns out to be quite difficult to implement. Imagine, for example, telling someone with 200-tonnes of apples ready for export from Cape Town that they can no longer export through the local harbour; or telling a small aircraft manufacturer that its radio component manufacturer has gone belly up and there is only one other manufacturer globally, at triple the price. The risks were easy enough to identify but mitigating against them can be business ending.
“The global risk landscape is constantly changing, with climate change, digitalisation and geopolitics; some risks lie dormant, but a significant enough change in geopolitics or events such as extreme weather patterns can very quickly change the predominant risks,” Grammatika concludes. This dear reader, explains why risk identification, mitigation and transfer is a never-ending ‘game’.
Writer’s thoughts:
It is difficult to see how local businesses can successfully navigate the double-whammy of electricity supply and transport and logistics challenges this year, and still trade profitably. Have you noticed rising levels of despondency among your small and medium enterprise (SME) clients of late? Please comment below, interact with us on Twitter at @fanews_online or email us your thoughts [email protected].
