What's Happening?
A recent report by EY and the Institute of International Finance (IIF) reveals that 80% of insurance chief risk officers (CROs) now rank cybersecurity among their top five risks, marking a 14 percentage point increase from the previous year. The survey
highlights that cybersecurity concerns surpass other risks such as strategic, regulatory/compliance, and geopolitical/market risks. The report also notes a significant rise in the importance of third-party and vendor cyber risk management, with 77% of respondents identifying it as a critical aspect of cyber risk. The findings underscore the growing recognition of dependency risks across extended value chains, particularly as operational resilience requirements and vendor concentration concerns increase.
Why It's Important?
The emphasis on cybersecurity by insurance CROs reflects the increasing complexity and potential impact of cyber threats on the industry. As cyber risks continue to evolve, they pose significant challenges to the insurance sector, which must adapt to protect sensitive data and maintain trust with clients. The focus on third-party risks highlights the interconnected nature of modern business operations, where vulnerabilities in one part of the supply chain can have widespread repercussions. The report suggests that the insurance industry is prioritizing enhancements in risk management infrastructure and integration, which could lead to more robust defenses against cyber threats and improved resilience in the face of potential attacks.
What's Next?
The report indicates that insurance companies are planning to enhance their risk management strategies over the next year, focusing on both financial and nonfinancial risk management. This includes improvements in risk technology, controls, governance, and talent development. As the industry continues to grapple with emerging cyber risks, particularly those associated with artificial intelligence, there is likely to be increased investment in cybersecurity measures and collaboration with technology providers to mitigate these threats. The ongoing evolution of cyber risks will require continuous adaptation and innovation in risk management practices to safeguard the industry's future.
