HONG KONG, CHINA--(Marketwired - Mar 1, 2017) -

• Asia's concern over digital vulnerability higher than any other region
• Digital risks need to be handled at a corporate level
• Cyber insurance lags behind the fast-evolving nature of such attacks

Top executives in Asia's transportation industry see digital vulnerability as their primary business risk, reflecting the changing causes and nature of risk in their business, and the need to elevate managing cyber threats to a board-level responsibility, according to a new study from leading global advisory, broking and solutions company Willis Towers Watson (NASDAQ: WLTW).

Based on interviews with 350 C-suite executives in the transport industry globally, of whom 71 are from Asia, the Willis Towers Watson 2016 Transportation Risk Index sheds light on the top perceived threats over a 10-year horizon. It comes at a time when supply chains in the region are becoming increasingly digitalised and interconnected, prompting tighter regulation of data protection and disclosure of breaches.

Participants were asked for their views on 50 specific risks under five broad categories, or megatrends. Executives from Asia ranked digital vulnerability as the top megatrend (table 1) and gave it a risk score¹ higher than any other region did (table 2). The cyber threat was top of the list of specific transportation risks, followed by third-party security vulnerability, particularly in the supply chain, and changes in demand owing to macro-economic conditions (table 3).

"Digitalisation's impact is felt across business sectors, and the transport sector is no exception when you consider the growth of internet of things, artificial intelligence, driverless cars, robo-workers, and smart cities," said Mark Hue Williams, Head of Transportation Industry for Willis Towers Watson.

Hue Williams added that digital risk mitigation is not the exclusive responsibility of risk managers or IT managers. "Cyberattacks and resulting breaches have broad technical, financial, operational and reputational consequences. Organisations need to take a holistic view -- one that includes their organisational culture -- and form strategies accordingly at a corporate level. In addition, risks lie in each link of the supply chain. So there's a collective responsibility to which every participant in the supply chain must be accountable, not only to their shareholders but also to their business partners."

In Asia, a leading security company said its own cyber-intelligence monitoring revealed that more than a quarter of its transportation sector customers were targeted with advanced cyberattacks during the first half of 2016.² 

In terms of cyberattacks, a report³ issued by Microsoft Asia in January revealed that three of the top five destinations for cyberattacks during the first half of 2016 were in Asia Pacific.

As cyberattacks become increasingly prevalent in the region, regulators across markets including China and Singapore have tightened rules governing how companies must handle data and disclose any breaches.

China passed a new cybersecurity law in November 2016, requiring enterprises to improve their ability to defend against cyberattacks, while demanding security reviews for equipment and data in certain strategic industry sectors. Transport is a sector classified as "critical information infrastructure" in the new law, which takes effect on 1^st June 2017.

Singapore also plans for a new cybersecurity bill to be tabled in parliament in 2017 to better secure its critical information infrastructure. 

"Tighter regulations are pushing companies in the region to attach greater importance to cyber security," said Hue Williams. "Executives must ensure their preparedness and response plans will withstand questioning from shareholders and the public in the wake of a breach."

Despite the prevalence of cyberattacks and tighter regulations across the region, the insurance sector hasn't moved anywhere near as fast. "While insurers are offering various cyber insurance products, the challenges involved in pricing and underwriting cyber-risks have constrained the ability of insurers to fully penetrate this market," said Hue Williams.

"The difficulty stems from the fast evolving nature of cyber-crime, which makes past data unlikely to be predictive of the future. Few historical claims also result in a lack of precedents for reference in applying policy terms and conditions. These challenges have led insurers to be more cautious in their policy offerings," Hue Williams added.

Table 1: Asia and Australasia megatrend rankings

Megatrend rankings		CRS
1. Digital vulnerability and rapid technological advancement		62
2. Geopolitical instability and regulatory uncertainty		60
3. Changing market dynamics and business model insecurity		51
4. Complex operating models in an interconnected world		49
5. Talent management and the complexities of a global workforce		39

Table 2: CRS for digital vulnerability across different regions

Regions		Europe, Russia, CIS, Central Asia		North America		Latin America		Asia and Australasia		Middle East and Africa
CRS		45		44		46		62		53

Table 3: Top 10 specific transportation risks for Asia and Australasia

	Top 10 specific risks		CRS		Under which megatrend
	Increased security threat from cyber and data privacy breaches		45.0		Digital vulnerability and rapid technological advancement
	Third-party security vulnerability digital supply chain resilience		44.1		Digital vulnerability and rapid technological advancement
	Change in demand due to macro-economic conditions		42.1		Complex operating models in an interconnected world
	Staff retention		41.6		Talent management and the complexities of a global workforce
	Inability to keep up with pace of change and technological advancement		40.4		Digital vulnerability and rapid technological advancement
	Illiquidity and the availability of competitive capital		40.2		Changing market dynamics and business model insecurity
	Increased complexity of regulation		40.1		Geopolitical instability and regulatory uncertainty
	Pricing strategy pressure		39.8		Changing market dynamics and business model insecurity
	Threat from new and emerging competitors		39.7		Changing market dynamics and business model insecurity
	Globalisation of customer base		39.0		Geopolitical instability and regulatory uncertainty

ABOUT THE SURVEY
Willis Towers Watson's 2016 Transportation Risk Index is a comprehensive survey commissioned to measure the transportation industry's risk environment as seen through the eyes of 350 senior executives that work for air, sea, rail and road-transport companies. Among those who participated in the survey were 110 CEOs and 80 CFOs. Willis Towers Watson also conducted in-depth interviews with selected executives to gain greater insight into the risks they face. A full copy of the research including infographics that can be re-published on request is available here.

ABOUT WILLIS TOWERS WATSON
Willis Towers Watson (NASDAQ: WLTW) is a leading global advisory, broking and solutions company that helps clients around the world turn risk into a path for growth. With roots dating to 1828, Willis Towers Watson has 40,000 employees serving more than 140 countries. We design and deliver solutions that manage risk, optimize benefits, cultivate talent, and expand the power of capital to protect and strengthen institutions and individuals. Our unique perspective allows us to see the critical intersections between talent, assets and ideas -- the dynamic formula that drives business performance. Together, we unlock potential. Learn more at willistowerswatson.com

¹ Each risk is measured by a Combined Risk Score (CRS), which is calculated by combining the severity of the risk's impact and the difficulty of managing it.

² FireEye, Inc.

³ Microsoft Security Intelligence Report, Volume 21