
Top 5 risks unchanged but risk exposures are rising says latest report


Information Security (incl. Cyber), Third Party, Technology, Data Management, and External Fraud remain as the Top 5 ranked risks, with a continued increase in materiality scores in the last six months. Regulatory Compliance also moves up two places to rank sixth as deadline pressures mount.

The findings were published in our H1 2024 Top Risk Review.

Steve Bishop, Research & Information Director at ORX comments:


“It’s no surprise that Information Security, driven by cybersecurity, remains the number one top risk. Despite firms reporting that they manage cybersecurity effectively, we know they play a constant game of cat and mouse with criminals who are using evermore sophisticated attack methods, including AI.” 
“We’ve also seen recent high profile attacks and data theft at industry suppliers such as MOVEit and EquiLend which reinforce the perceived threat posed by vulnerabilities and cybersecurity failures at third parties.” 

Top Six Risks Increase in Materiality

[Figure 1: % change in materiality scores since the last review]

According to the report, of the top five risks, External Fraud has seen the greatest percentage materiality rise (5.6%) since the last review, with continued concerns around frequency and sophistication of fraud attempts. This is closely followed by Regulatory Compliance (5.3%) and Information Security (incl. Cyber) (5.1%). 

Regulatory Compliance sees the greatest upward movement as key deadlines approach 

As key regulatory deadlines approach - notably Basel III, the Digital Operational Resilience Act (DORA) and CPS 230 - regulatory compliance moves up the rankings from eighth to sixth place overall (ranked 5th by the insurance community). 

With the pressure of the regulatory burden and other ongoing concerns such as jurisdictional divergences and lack of clarity from regulators, firms are putting significant time and investment into developing new and enhanced frameworks. 

Steve Bishop adds: 


“Firms face the dual challenge of tight deadlines and limited resources to implement these complex changes, all while dealing with heightened regulatory scrutiny and potential penalties. Many firms are naturally working towards DORA compliance in the EU as implementation is set for January 2025. DORA requirements cut across risk types, not only touching on firms’ digital operational resilience, but on their information and cyber security and their management of third party relationships as well.”

Only half of firms reassured that third party risk is being managed effectively 

With cyber incidents and data breaches remaining the most prominent challenges firms face when it comes to their third-party relationships, only half (50%) of financial firms believe this risk is being managed effectively or highly effectively. 

Particular concerns arise from third parties acting as a gateway both to the corporate and customer data they hold for clients and into the clients’ own systems. The lack of visibility and oversight that firms have over third-party control environments leads to fear that those environments are not robust enough to meet regulatory requirements.