Three risk categories to fundamentally dictate 2022's landscape – ORX report

Three risk categories to fundamentally dictate 2022's landscape – ORX report | Insurance Business Australia

Three risk categories to fundamentally dictate 2022's landscape – ORX report

Operational risk association ORX has published the latest edition of its annual risk landscape report, which found that the speed of change has made assessing emerging risk “difficult” this year.

According to the ORX 2022 Operational Risk Horizon report, three risk categories have been predicted to “significantly influence the emerging risk landscape” – cyber threats, macroeconomic change, and geopolitical turbulence. ORX surveyed over 50 financial firms immediately prior to Russia’s invasion of Ukraine.

But while the Russian-Ukrainian war was certainly a major concern, advanced cybercrime – specifically, cyber warfare – was cited as the most worrying emerging risk category.

“With a high level of organisation and sophistication, often state-backed, groups of cyber criminals are displaying agility and adaptability. Since the survey was carried out, we have seen the Ukraine conflict resulting in financial services institutions across the world further raising their alerts against cyber-attacks, and the threat is now both immediate and rapidly evolving,” commented ORX research and information director Steve Bishop.

ORX noted that apart from cyber warfare, other top concerns related to cybercrime identified by the survey include the ease and speed of cyberattacks; lack of internal expertise within organisations to prevent attacks; and evolving/emerging cyber fraud types that exploit emerging technologies.

Emerging technologies and the exposures they could enable were also tackled in further detail in the ORX report. Survey participants were asked which technologies were the greatest concern, and the top pick was AI (79%) followed by APIs (38%), robotics/robotic process automation (PRA) (33%), digital currencies (33%) and blockchain (21%).

While ORX’s report, which was conducted prior to the Russia-Ukraine war, outlined some of the potential downstream changes the conflict would do to emerging risk profiles, the association has since hosted several virtual roundtables with its member firms to explore the actual operational risk impacts of the invasion.

Those roundtables revealed a range of key themes, such as the direct physical threat to firms with operations in the region; keeping employees safe in the region; member firms devoting resources to information security; and concerns about the long-term impact of the conflict, among other things.