Asian Transport Industry Sees Digital Vulnerability as No. 1 Risk – Willis Towers Watson Study

HONG KONG, CHINA – Media OutReach – 2 March 2017 – Top executives in Asia’s transportation industry see digital vulnerability as their primary business risk, reflecting the changing causes and nature of risk in their business, and the need to elevate managing cyber threats to a board-level responsibility, according to a new study from leading global advisory, broking and solutions company Willis Towers Watson (NASDAQ: WLTW).

*Asia’s concern over digital vulnerability higher than any other region

*Digital risks need to be handled at a corporate level

*Cyber insurance lags behind the fast-evolving nature of such attacks

Based on interviews with 350 C-suite executives in the transport industry globally, of whom 71 are from Asia, the Willis Towers Watson 2016 Transportation Risk Index sheds light on the top perceived threats over a 10-year horizon. It comes at a time when supply chains in the region are becoming increasingly digitalised and interconnected, prompting tighter regulation of data protection and disclosure of breaches.

Participants were asked for their views on 50 specific risks under five broad categories, or megatrends. Executives from Asia ranked digital vulnerability as the top megatrend (table 1) and gave it a risk score[1] higher than any other region did (table 2). The cyber threat was top of the list of specific transportation risks, followed by third-party security vulnerability, particularly in the supply chain, and changes in demand owing to macro-economic conditions (table 3).

“Digitalisation’s impact is felt across business sectors, and the transport sector is no exception when you consider the growth of internet of things, artificial intelligence, driverless cars, robo-workers, and smart cities,” said Mark Hue Williams, Head of Transportation Industry for Willis Towers Watson.

Hue Williams added that digital risk mitigation is not the exclusive responsibility of risk managers or IT managers. “Cyberattacks and resulting breaches have broad technical, financial, operational and reputational consequences. Organisations need to take a holistic view — one that includes their organisational culture — and form strategies accordingly at a corporate level. In addition, risks lie in each link of the supply chain. So there’s a collective responsibility to which every participant in the supply chain must be accountable, not only to their shareholders but also to their business partners.”

In Asia, a leading security company said its own cyber-intelligence monitoring revealed that more than a quarter of its transportation sector customers were targeted with advanced cyberattacks during the first half of 2016[2].

In terms of cyberattacks, a report[3] issued by Microsoft Asia in January revealed that three of the top five destinations for cyberattacks during the first half of 2016 were in Asia Pacific.

As cyberattacks become increasingly prevalent in the region, regulators across markets including China and Singapore have tightened rules governing how companies must handle data and disclose any breaches.

China passed a new cybersecurity law in November 2016, requiring enterprises to improve their ability to defend against cyberattacks, while demanding security reviews for equipment and data in certain strategic industry sectors. Transport is a sector classified as “critical information infrastructure” in the new law, which takes effect on 1st June 2017.

Singapore also plans for a new cybersecurity bill to be tabled in parliament in 2017 to better secure its critical information infrastructure.

“Tighter regulations are pushing companies in the region to attach greater importance to cyber security,” said Hue Williams. “Executives must ensure their preparedness and response plans will withstand questioning from shareholders and the public in the wake of a breach.”

Despite the prevalence of cyberattacks and tighter regulations across the region, the insurance sector hasn’t moved anywhere near as fast. “While insurers are offering various cyber insurance products, the challenges involved in pricing and underwriting cyber-risks have constrained the ability of insurers to fully penetrate this market,” said Hue Williams.

“The difficulty stems from the fast evolving nature of cyber-crime, which makes past data unlikely to be predictive of the future. Few historical claims also result in a lack of precedents for reference in applying policy terms and conditions. These challenges have led insurers to be more cautious in their policy offerings,” Hue Williams added.