Top risks facing CFOs in 2022

Report calls on organisations to build business resilience

Top risks facing CFOs in 2022


By Roxanne Libatique

Technology and cybersecurity are the top risks facing chief financial officers (CFOs) as they feel increasingly exposed to nearly all categories of risk since the first quarter of 2022 (Q1 2022), according to Lockton's latest research.

CFOs are increasingly responsible for managing strategic business risks. However, many feel unprepared to deal with the magnitude and frequency of systematic risks. Therefore, Lockton teamed up with Financial Times company Longitude to survey 475 CFOs and senior finance leaders during Q1 and Q3 2022. The respondents represented companies with a minimum of US$100 million in revenue, 50 of which were based in Australia and 12 in New Zealand.

The report found that CFOs think their exposure to nearly 14 risk categories, especially technology and cybersecurity, has increased in the past six months.

“Increased interconnectivity and interdependence of systems, brought on by digitalisation and globalisation, has created an environment where one disaster can contribute to another. This is resulting in higher risk velocity: the speed by which a risk impacts a business and materialises,” said Lockton Pacific CEO Paul Marsden.

The report also found that:

  • 66% of CFOs changed their approach to risk management from Q1 to Q3 due to the velocity of risk;
  • High-profile cyber events in 2022 capture the essence of risk velocity – what starts as an isolated cyber risk spirals into brand and reputation risk, litigation risk, regulatory and compliance risk, etc.; and
  • 54% of CFOs think the velocity of risk is of greater concern than risk likelihood or impact.

Focusing on the top risks facing CFOs, Marsden explained that recent cyberattacks on a telecommunications company and a huge insurer in Australia demonstrated that major cyber events are not an isolated risk or issue.

“These events permeate into all parts of a business, and they spiral quickly. For the insurer, [it's] anticipating a $35m pre-tax hit to earnings for the first half of the financial year (not including any fines or extra compensation),” he said. “Furthermore, on the first day of trading after the database was hacked, [the insurer's] share market fell about $1.75 billion. Having declared [it] did not have cyber insurance because it was deemed too expensive, the insurer is now having to front a bill in the millions of dollars. Litigation risk is pressing with future shareholder class actions on the cards. These are the real impacts and outcomes of risk velocity.”

With risks hitting industries much faster, Marsden advised organisations to build business resilience by factoring risk velocity into traditional risk management models. However, businesses must accept that no plan is bulletproof, with history littered with failed crisis plans.

“The first step is to embrace a culture of risk management then prioritise building a robust team and manage expectations. Organisations need diverse teams of individuals coming together to openly discuss risks with clear support from the board,” Marsden said.

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!