ORX, an operational risk association with a membership of over 100 banks and insurers globally, has released its findings on the biggest operational risks found in the financial sector. The Top Risk Review November 2021 report shows that information security risk was the biggest concern, followed by technology and third-party risk.
According to the report, information security risk, driven by cyber threats, continues to challenge the industry. With digitalisation continuing at pace and on a global scale, the cyber security risk landscape is evolving rapidly with more frequent and sophisticated attacks, especially phishing and ransomware – all creating a sense of ‘living in constant fear’.
However, the good news is that whilst firms are seeing an increasing number of events across a range of industries, most are avoiding successful attacks.
Interestingly, this year’s report reveals that External Fraud has entered the top five (from 9th place), replacing Business Continuity. The variety, volume, and sophistication of External Fraud attempts present an evolving and ever-present challenge in an economically turbulent environment.
|Ranking||Top Risk Review (Sep 2020)||Top Risk Review (May 2021)||Top Risk Review (October 2021)|
|1||Information Security (including Cyber)||Information Security (including Cyber)||Information Security (including Cyber)|
|2||Third Party||Third Party||Technology|
|Business Continuity||Regulatory Compliance||Third Party|
|5||Regulatory Compliance||Business Continuity||External Fraud|
Luke Carrivick, Director of Research and Information from ORX explains, “Fierce competition from digital-centric disruptive market entrants, the threat of rapidly evolving cybercrime, the lasting impact of the covid-19 pandemic, and growing stakeholder expectations are all driving firms to adopt new technology at a faster pace than ever before.
“The knock-on effect is a new form of risk management that will mitigate any potential oversight of change and vulnerabilities that may be exposed, discovered and potentially exploited (e.g. by cyber criminals) along the way.
“At the same time, I’m not surprised to see an increase in External Fraud in this latest report. External Fraud has been an ever-present risk and alongside a growing cyber threat there has been an increasing variety of physical external fraud. These, combined with increasing fraudulent activity and customer vulnerability due to covid, has created the perfect storm.
“Now that the impact of the pandemic is beginning to be realised, the business continuity challenge is evolving. Businesses are now focusing to a greater extent on building their operational resilience, with focus on areas such as the impacts of hybrid working, and longer term, how a changing climate will impact operations.”