Chief risk officers at financial services firms – who traditionally focused on credit, market and operational risk – are now most concerned about non-financial risks. EY surveyed senior risk executives from 86 banks across 37 countries for the 13th annual EY/IIF global bank risk management survey and found that cybersecurity is, by a large margin, the risk they will pay most attention to in the immediate term. It was cited as a top-five risk by 73 per cent of respondents, compared to 36 per cent for the two next-highest ranked risks: implementation of regulatory rules and operational resilience.
EY describes cybersecurity risk as “a portfolio of multiple risks, including different forms of ransomware attacks, expanding activity by state-sponsored bad actors and the risks associated with ecosystems, generative artificial intelligence and other third-party relationships”. This complexity in cyber risk management has also seen regulators increasing their scrutiny of cybersecurity.
“Regulators are increasingly focusing on non-financial threat scenarios such as failures of critical providers and major cybersecurity threats which can cause systemic impacts to the…
