Growing cyber perils are worrying more companies globally in 2022 than the threat of supply chain disruptions, natural disasters or even the COVID-19 pandemic, according to the Allianz Risk Barometer survey.

The survey measures the most important business risks for the next year and beyond based on the insights of 2,650 risk management experts from 89 countries and territories and 22 industry sectors. Respondents for the most recent survey were questioned through October and November 2021.

Cyber incidents topped the survey’s list of risks for the second time in its history, with 44 percent of respondents reporting it as their top concern. Business interruption came in at a close second (42 percent), with natural catastrophes ranking third (25 percent).

The main driver of concern around cyber risk is the recent surge in ransomware attacks, the report found, as 57 percent of survey respondents confirmed that they view ransomware as the top cyber threat for 2022.

“Ransomware has become a big business for cyber criminals, who are refining their tactics, lowering the barriers to entry for as little as a $40 subscription and little technological knowledge,” said Scott Sayce, global head of cyber at Allianz Global Corporate & Specialty (AGCS), in a company press release. “The commercialization of cyber crime makes it easier to exploit vulnerabilities on a massive scale. We will see more attacks against technology supply chains and critical infrastructure.”

More technology supply chain and critical infrastructure attacks being on the horizon could serve as a daunting message for 2022, as last year already saw significant incidents. Cyber criminals exploited software vulnerabilities potentially affecting thousands of companies in the July attack of Florida information technology firm Kaseya. REvil, a Russia-linked cybercrime syndicate, took credit for the breach.

Concerns over attacks targeting physical critical infrastructure are growing as well on the back of the Colonial Pipeline attack in May, in which an intrusion by another Russia-linked group at the U.S. fuel transporter led to the shutdown of 5,500 miles of critical infrastructure.

At the end of last year, a vulnerability was disclosed within a piece of software used to record activities in a range of systems found in consumer-facing products and services. The software is called Log4j, and the vulnerability poses a risk to millions of consumer products, enterprise software and web applications as it is being exploited by a growing set of attackers, according to a January Federal Trade Commission blog.

Although business interruption dropped one place to second in the survey’s 2022 rankings, it remains synonymous with cyber risk in a lot of ways, the survey found. This is only the third time in the 11-year history of the Allianz Risk Barometer survey that business interruption is not ranked as the top risk, yet the report stated that companies’ growing reliance on technology and digitalization, particularly amid the ongoing global pandemic, is likely to be the biggest challenge for BI going forward.

In fact, cyber is the most feared cause of BI in this year’s survey, the report said, with respondents noting that cyber is still not as well understood as traditional BI triggers such as natural catastrophes or fire, so mitigations are not as well developed.

“‘Business interrupted’ will likely remain the key underlying risk theme in 2022,” AGCS CEO Joachim Mueller said in the release. “2021 saw unprecedented levels of disruption, caused by various triggers. Crippling cyber attacks, the supply chain impact from many climate change-related weather events, as well as pandemic-related manufacturing problems and transport bottlenecks wreaked havoc… Building resilience against the many causes of business interruption is increasingly becoming a competitive advantage for companies.”

Despite the ongoing COVID-19 pandemic in which business interruption concerns have garnered much attention, the risk of pandemic outbreak is another category that dropped places in this year’s survey, falling to fourth place from second in 2021. It should be noted that the survey predated the Omicron variant.

The majority of businesses surveyed (80 percent), however, said they feel well prepared for a future pandemic event, although “Omicron is a reminder that Covid-19 remains an unpredictable threat with potentially long-term consequences,” the report added.

Two categories that rose through the rankings in this year’s survey were natural catastrophes and climate change, moving to third and sixth, respectively. This comes as global insured catastrophe losses in 2021 were in excess of $100 billion, the report said, serving as the fourth highest year on record.

Respondents reported concerns about the physical loss and supply chain impact from climate change-related weather events. Other concerns regarding climate change, once again, pointed back to cyber risk.

“These two perils are also linked by the fact that two of the most significant impacts expected from changes in legislation and regulation (the fifth top risk) in 2022 will be around big tech and sustainability,” the report said.

Additional categories that rose or fell in the survey’s rankings this year were:

  • The skilled workforce shortage (13 percent) was a new entry in the top 10 risks, coming in at No. 9. Respondents ranked this as a top five risk in the engineering, construction, real estate, public service and healthcare sectors, and as the top risk for transportation.
  • Changes in legislation and regulation remained fifth (19 percent). Prominent regulatory initiatives on companies’ radars in 2022 include anti-competitive practices targeting big tech, as well as sustainability initiatives with the EU taxonomy scheme, according to the survey.
  • Fire and explosion (17 percent) is a perennial risk for companies, ranking seventh as in last year’s survey, while market developments (15 percent) fell from fourth to eighth year-on-year and macroeconomic developments (11 percent) fell from eighth to 10th.