EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
Recent Searches
Press release
12 Feb 2024
Cybersecurity remains the top risk for European banks on a 12 months horizon
- 82% of European Chief Risk Officers (CROs) believe cybersecurity presents the biggest risk to their business in 2024
- 71% of European CROs are concerned specifically about cyber warfare between nation-states as geopolitics remain heightened
- Over a five-year time horizon, the leading emerging risks for banking CROs are climate (76%), machine learning and AI (53%) and IT legacy system (47%)
For the second consecutive year, the EY and Institute of International Finance (IIF) Bank Risk Management Survey finds that cybersecurity is the top concern for European banking Chief Risk Officers (CROs).
The survey, which uses sentiment data from 17 large European banks, finds that 82% of European CROs rank cybersecurity risk as the biggest threat to their business over the next 12 months (relative to 73% globally), and 71% believe cyber warfare between nation-states is becoming an increasingly real threat.
The challenging geopolitical environment is also leading to European banking CROs voicing concerns about global sanctions and operational resilience, and 82% of respondents believe geopolitical risks will increase this year.
Geopolitical tensions, anticipation of election outcomes, continued war in Europe, and increasing unrest in the Middle East are adding volatility to an already challenging economic environment. It is not surprising therefore that so many CROs are identifying cyber as the biggest risk once more this year. Other insights of the survey show that the CRO job description has become uniquely multi-faceted, CROs having to play several roles in the organization in identifying risks comprehensively, managing them effectively, and reporting on them efficiently.
The most effective way to guard against cyber threats is by continuously boosting operational resilience. Here, the EU's Digital Operational Resilience Act (DORA) plays a crucial role, enabling firms to reduce interruptions, adapt to progressively intricate risks, and promote heightened stability and security internally.
Climate is the biggest emerging risk for Europe’s banks
When asked about material risks over a five-year period, almost three quarters (76%) of European banking CROs believe climate risk presents the biggest emerging threat to operations, relative to 56% globally. While still a top-five issue, a smaller 53% of respondents say they have concerns about AI and machine learning risks and 47% about IT legacy systems risks.
European banking CROs consider climate change to present such a level of risk that over half (59%) of respondents believe it requires the direct attention of the board.
The multiple aspects of short-term climate risks in banking, such as short-term reporting imperatives, are yet to be discovered by CROs. Overall, the survey results show that risk managers recognize the urgent need for better understanding and action on climate risks and increased efforts to close these gaps.
About the study
The global EY organization, in conjunction with the IIF, surveyed IIF member firms and other banks in each region globally (including a small number of material subsidiaries that are top-five banks in their home countries) from June 2023 through October 2023.
Participating banks’ CROs or other senior risk executives were interviewed, completed a survey, or both. In total, 85 financial institutions across 30 countries participated. Participating banks were fairly diverse in terms of asset size, geographic reach and type of bank. Regionally, those banks were headquartered in Asia-Pacific (14%), Europe (20%), Latin America (14%), Middle East and Africa (18%) and North America (34%). Of those, 12% are globally systemically important banks (G-SIBs).