Connect with us


Chief Danger Officers Say Cybersecurity Most Urgent Danger: Survey



Spread the love

In an inaugural EY/Institute of Worldwide Finance (IIF) international insurance risk management survey, cybersecurity was ranked as the very best concern for chief threat officers.

CROs surveyed mentioned the highest 5 threat varieties or threat administration varieties for the approaching yr have been:

  • 53% – Cybersecurity threat
  • 35% – Insurance coverage threat (e.g., underwriting threat, together with lapses, catastrophic (CAT) and longevity threat)
  • 32% – Enterprise mannequin change/transformation
  • 26% – Credit score threat (together with nation, sovereign and focus threat)
  • 24% – Tied between capital allocation, rate of interest threat and expertise threat (e.g., threat of insufficient administration or upkeep of expertise techniques, networks, belongings and functions)

Human capital dangers (22%) additionally ranked excessive for the one-year outlook, reflecting a tightening labor market. Total, 64% of collaborating CROs mentioned attracting expertise will change into more and more troublesome in the long run. Third-party threat displays scarce expertise and the business’s elevated connectivity; extra insurers search to entry particular capabilities and applied sciences by way of ecosystems and various sourcing fashions.

Issues shift when the view is prolonged to rising dangers over the subsequent three years, in keeping with survey knowledge from 68 insurance coverage carriers throughout 15 international locations. Whereas cybersecurity threat nonetheless tops the listing (68%) for all CROs surveyed, the highest 5 issues are rounded out with extra international points, together with geopolitical threat (56%), environmental threat (50%), machine studying and synthetic intelligence (43%), and expertise scarcity/re-skilling of the prevailing workforce (41%).

Political uncertainty on this U.S. election yr heightens the dangers, contributing to most survey respondents calling out geopolitical dangers as probably the most urgent over the subsequent three years. CRO respondents see geopolitical dangers primarily when it comes to macroeconomic influence (79%), elevated cyber warfare (67%) and regulatory adjustments (64%).


American survey respondents have been twice as probably than their European counterparts to anticipate a deal with GenAI within the subsequent 5 years. Roughly 1 / 4 of companies have carried out core parts of the required frameworks to handle AI-related dangers. Regardless of a reliance on rising ecosystems and alliances to drive efficiencies (43%) and purchase new prospects (59%), virtually half (46%) considered managing third-party cyber threat as a risk to their operational resilience.

Whereas assured managing rising monetary and regulatory threat, lower than 1 / 4 (22%) of respondents mentioned they have been implementing AI, Gen AI and machine studying. These surveyed adopting AI are doing so pragmatically with guardrails in place – with 50% establishing controls to assist make sure the accountable use of AI and ML in decision-making. Respondents cited heighted threat in modeling (together with threat of hallucination and explainability) 61%, knowledge privateness 49% and client equity and algorithmic bias 37%.


Greater than two-thirds (69%) of CROs surveyed are integrating ESG into their threat administration framework, and 87% are incorporating ESG requirements into investments. Whereas many CROs really feel assured of their group’s capability to combine ESG into their decision-making, solely 3% of respondents have a whole understanding of their climate-change threat publicity, and simply over a 3rd (36%) acknowledged that local weather threat is being built-in into enterprise technique – though constructive motion is forthcoming. Over half (53%) cited ESG-related investments and rewarding constructive ESG conduct (34%) because the main merchandise or options with probably the most progress potential.

Nonetheless, virtually three-quarters (72%) of CRO respondents are assured they’ve the capability to handle change related to elevated threat, whereas 74% see funds as their most vital risk to accelerating important digital transformation methods.


“Insurance coverage CROs proceed to hunt for alternatives to drive progress and cut back the operational threat related to that, together with third-party cyber threat,” mentioned Isabelle Santenac, EY international insurance coverage chief. “With record-breaking pure catastrophes in 2023, the stress on carriers to deal with the growing multibillion-dollar safety hole is compounded by shrinking budgets and scarce expertise to deal with a number of the most urgent climate-related disasters our technology has confronted.”

Regardless of working in a “quicksand atmosphere,” she mentioned, “CROs are meaningfully investing in ecosystems, using AI to deal with the rise in fraud, and mitigating future threat by laying the groundwork to draw expertise to an business teeming with potential.”


Confidence stays regardless of dealing with what some name a “polycrisis.”

“Confronted with complicated dangers, speedy technological developments and useful resource and expertise constraints, our survey outcomes spotlight the resilience and adaptableness of insurance coverage CROs and their robust dedication to digital transformation,” mentioned Mary Frances Monroe, director, insurance coverage regulation and coverage on the Institute of Worldwide Finance. “The insurance coverage CRO group can be integral to firms’ ESG integration efforts, that are essential for addressing climate-related dangers.”


The occasions of 2023 have elevated the tempo at which insurance coverage carriers have sought to strengthen their entrance line with threat administration practices, with 59% of respondents enhancing their liquidity administration insurance policies, procedures and practices and greater than half (56%) updating their asset legal responsibility administration (ALM) framework, within the final 12 months. This bullish development continues, with greater than 90% of respondents planning to guage or implement monetary (e.g., credit score, market, liquidity) and non-financial (e.g., operational) threat administration over the subsequent 12 months.



Focused on Cyber?

Get computerized alerts for this subject.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *