Information Security including cyber is number one operational risk concern in Financial Services, says ORX

Information Security (including Cyber), has topped a league table of operational risk concerns for global banks and insurers. Followed by Third Party risk and Technology, all three top risks reflect continuing digital transformation in financial institutions, which is heavily impacting these scores. Information security has topped the survey for the last four years, but this year indications are that it is now being managed more effectively.

The findings were published in a report from ORX, the world’s largest operational risk association who work with over 125 banks and insurers globally.

According to the report – Top Risk Review June 2023 – Information Security risk, driven by cyber threats, continues to challenge the industry. Events have shown that it only takes one successful attempt to potentially disrupt an entire organisation and cause widespread financial and reputational damage. However, the good news is that 87% of participants said their organisation is managing the risk effectively and are continuously investing in cybersecurity controls and capabilities.

This year’s report results also reflect the explosive rise of generative AI, bringing artificial intelligence to the forefront of agendas. Opportunities include improved decision-making and process optimisation but conversely, AI and generative AI have the potential to adversely impact a wide range of risk types, notably Information Security (incl. Cyber), Data Management, Technology, Model, Transaction Processing & Execution, Regulatory Compliance and Conduct risk.

Luke Carrivick, ORX’s Executive Director explains:

“I’m not surprised that information security remains the top concern for our members, as digitalisation permeates all areas of operational functions. What is encouraging is the increased confidence in managing and mitigating these risks as they arise and reflects the industry’s improving handle on tackling cyber and other digital threats. Stability is also reflected by 60% of respondents expecting their scores to stay the same in the next six months.

“The prevalence of AI is definitely one to watch and we’ll be spotlighting this in the coming months in our Cyber-specific service as a key area of focus for operational risk.”

Third Party risk ranks in second place as oversight challenges continue. With third party arrangements becoming increasingly instrumental in critical business services, supplier risk management is a priority and if not monitored or managed effectively, could lead to significant vulnerabilities.

Figure 1: The top five ranked risks from the last four Top Risk Review surveys 

Responses also suggest that skills shortages and retention challenges persist, but with a sharp drop from 5^th to 11^th position, people risk concerns may be starting to ease. Moving from 11^th to 6^th position since the last review, External Fraud has seen the greatest upward movement of all 16 risks. While availability of advanced technology may be acting as a common enabler, difficult economic conditions were listed as a key driver.

Luke Carrivick adds:

“Benchmarking is an area that our members have been asking for as part of their risk measurement initiatives, and so for the first time since launching the Top Risk Review, participants will receive a personal benchmark highlighting how their responses compare to the industry’s. We can now include average vs individual scores and insights on how their scores compared to the rest of the participant group.”

Top Risk Review June 2023 | ORX