SOURCE: Willis Towers Watson

Willis Towers Watson

March 01, 2017 23:09 ET

Asian Transport Industry Sees Digital Vulnerability as No. 1 Risk -- Willis Towers Watson Study

HONG KONG, CHINA--(Marketwired - Mar 1, 2017) -

  • Asia's concern over digital vulnerability higher than any other region
  • Digital risks need to be handled at a corporate level
  • Cyber insurance lags behind the fast-evolving nature of such attacks

Top executives in Asia's transportation industry see digital vulnerability as their primary business risk, reflecting the changing causes and nature of risk in their business, and the need to elevate managing cyber threats to a board-level responsibility, according to a new study from leading global advisory, broking and solutions company Willis Towers Watson (NASDAQ: WLTW).

Based on interviews with 350 C-suite executives in the transport industry globally, of whom 71 are from Asia, the Willis Towers Watson 2016 Transportation Risk Index sheds light on the top perceived threats over a 10-year horizon. It comes at a time when supply chains in the region are becoming increasingly digitalised and interconnected, prompting tighter regulation of data protection and disclosure of breaches.

Participants were asked for their views on 50 specific risks under five broad categories, or megatrends. Executives from Asia ranked digital vulnerability as the top megatrend (table 1) and gave it a risk score1 higher than any other region did (table 2). The cyber threat was top of the list of specific transportation risks, followed by third-party security vulnerability, particularly in the supply chain, and changes in demand owing to macro-economic conditions (table 3).

"Digitalisation's impact is felt across business sectors, and the transport sector is no exception when you consider the growth of internet of things, artificial intelligence, driverless cars, robo-workers, and smart cities," said Mark Hue Williams, Head of Transportation Industry for Willis Towers Watson.

Hue Williams added that digital risk mitigation is not the exclusive responsibility of risk managers or IT managers. "Cyberattacks and resulting breaches have broad technical, financial, operational and reputational consequences. Organisations need to take a holistic view -- one that includes their organisational culture -- and form strategies accordingly at a corporate level. In addition, risks lie in each link of the supply chain. So there's a collective responsibility to which every participant in the supply chain must be accountable, not only to their shareholders but also to their business partners."

In Asia, a leading security company said its own cyber-intelligence monitoring revealed that more than a quarter of its transportation sector customers were targeted with advanced cyberattacks during the first half of 2016.2 

In terms of cyberattacks, a report3 issued by Microsoft Asia in January revealed that three of the top five destinations for cyberattacks during the first half of 2016 were in Asia Pacific.

As cyberattacks become increasingly prevalent in the region, regulators across markets including China and Singapore have tightened rules governing how companies must handle data and disclose any breaches.

China passed a new cybersecurity law in November 2016, requiring enterprises to improve their ability to defend against cyberattacks, while demanding security reviews for equipment and data in certain strategic industry sectors. Transport is a sector classified as "critical information infrastructure" in the new law, which takes effect on 1st June 2017.

Singapore also plans for a new cybersecurity bill to be tabled in parliament in 2017 to better secure its critical information infrastructure. 

"Tighter regulations are pushing companies in the region to attach greater importance to cyber security," said Hue Williams. "Executives must ensure their preparedness and response plans will withstand questioning from shareholders and the public in the wake of a breach."

Despite the prevalence of cyberattacks and tighter regulations across the region, the insurance sector hasn't moved anywhere near as fast. "While insurers are offering various cyber insurance products, the challenges involved in pricing and underwriting cyber-risks have constrained the ability of insurers to fully penetrate this market," said Hue Williams.

"The difficulty stems from the fast evolving nature of cyber-crime, which makes past data unlikely to be predictive of the future. Few historical claims also result in a lack of precedents for reference in applying policy terms and conditions. These challenges have led insurers to be more cautious in their policy offerings," Hue Williams added.

Table 1: Asia and Australasia megatrend rankings

Megatrend rankings   CRS
 1. Digital vulnerability and rapid technological advancement   62
 2. Geopolitical instability and regulatory uncertainty   60
 3. Changing market dynamics and business model insecurity   51
 4. Complex operating models in an interconnected world   49
 5. Talent management and the complexities of a global workforce   39
     

Table 2: CRS for digital vulnerability across different regions

Regions   Europe,
Russia,
CIS,
Central Asia
  North America   Latin America   Asia and
Australasia
  Middle East
and Africa
CRS   45   44   46   62   53
                     

Table 3: Top 10 specific transportation risks for Asia and Australasia

  Top 10 specific risks   CRS   Under which megatrend
  Increased security threat from cyber and data privacy breaches   45.0   Digital vulnerability and rapid technological advancement
  Third-party security vulnerability digital supply chain resilience   44.1   Digital vulnerability and rapid technological advancement
  Change in demand due to macro-economic conditions   42.1   Complex operating models in an interconnected world
  Staff retention   41.6   Talent management and the complexities of a global workforce
  Inability to keep up with pace of change and technological advancement   40.4   Digital vulnerability and rapid technological advancement
  Illiquidity and the availability of competitive capital   40.2   Changing market dynamics and business model insecurity
  Increased complexity of regulation   40.1   Geopolitical instability and regulatory uncertainty
  Pricing strategy pressure   39.8   Changing market dynamics and business model insecurity
  Threat from new and emerging competitors   39.7   Changing market dynamics and business model insecurity
  Globalisation of customer base   39.0   Geopolitical instability and regulatory uncertainty
           

ABOUT THE SURVEY
Willis Towers Watson's 2016 Transportation Risk Index is a comprehensive survey commissioned to measure the transportation industry's risk environment as seen through the eyes of 350 senior executives that work for air, sea, rail and road-transport companies. Among those who participated in the survey were 110 CEOs and 80 CFOs. Willis Towers Watson also conducted in-depth interviews with selected executives to gain greater insight into the risks they face. A full copy of the research including infographics that can be re-published on request is available here.

ABOUT WILLIS TOWERS WATSON
Willis Towers Watson (NASDAQ: WLTW) is a leading global advisory, broking and solutions company that helps clients around the world turn risk into a path for growth. With roots dating to 1828, Willis Towers Watson has 40,000 employees serving more than 140 countries. We design and deliver solutions that manage risk, optimize benefits, cultivate talent, and expand the power of capital to protect and strengthen institutions and individuals. Our unique perspective allows us to see the critical intersections between talent, assets and ideas -- the dynamic formula that drives business performance. Together, we unlock potential. Learn more at willistowerswatson.com

1 Each risk is measured by a Combined Risk Score (CRS), which is calculated by combining the severity of the risk's impact and the difficulty of managing it.

2 FireEye, Inc.

3 Microsoft Security Intelligence Report, Volume 21

Contact Information