Constant fear of cyber threats puts information security at number one risk concern in financial services

  • 30 November 2021

Information security, including cyber, has topped a league table of operational risk concerns for risk professionals at global financial services organisations.  Followed by technology and third party risk, all three top risks reflect the industry’s current strategic priorities, with digital transformation heavily impacting these scores.

The findings were published in a report from ORX, the world’s largest operational risk association with a membership of over 100 banks and insurers globally. The full report is available for free to all ORX members or can be purchased by non-members.

Find out more or buy the report

Top Risk Review November 2021 headlines

According to the report – Top Risk Review November 2021– information security risk, driven by cyber threats, continues to challenge the industry. With digitalisation continuing at pace and on a global scale, the cyber security risk landscape is evolving rapidly with more frequent and sophisticated attacks, especially phishing and ransomware - all creating a sense of ‘living in constant fear’. 

However, the good news is that whilst firms are seeing an increasing number of events across a range of industries, most are avoiding successful attacks.

Interestingly, this year’s report reveals that external fraud has entered the top five (from ninth place), replacing business continuity. The variety, volume, and sophistication of external fraud attempts present an evolving and ever-present challenge in an economically turbulent environment.

Top 5 risks

  1. Information security (including cyber)
  2. Technology
  3. Third party
  4. Regulatory compliance
  5. External fraud

Luke Carrivick, Director of Research and Information from ORX explains:

“Fierce competition from digital-centric disruptive market entrants, the threat of rapidly evolving cybercrime, the lasting impact of the Covid-19 pandemic, and growing stakeholder expectations are all driving firms to adopt new technology at a faster pace than ever before.

“The knock-on effect is a new form of risk management that will mitigate any potential oversight of change and vulnerabilities that may be exposed, discovered and potentially exploited (e.g. by cyber criminals) along the way.

“At the same time, I’m not surprised to see an increase in external fraud in this latest report. External fraud has been an ever-present risk and alongside a growing cyber threat there has been an increasing variety of physical external fraud. These, combined with increasing fraudulent activity and customer vulnerability due to Covid-19, has created the perfect storm. 

“Now that the impact of the pandemic is beginning to be realised, the business continuity challenge is evolving.  Businesses are now focusing to a greater extent on building their operational resilience, with focus on areas such as the impacts of hybrid working, and longer term, how a changing climate will impact operations.”

Get more information in the full report

The latest Top Risk Review report is now available to buy. This report, published in November 2021, provides insight into the key current top operational risks facing the financial services industry, with results based on the personal opinions of risk professionals from 50 financial organisations across our global membership.

Find out more or buy the report