Technology and cybersecurity are the top risks facing chief financial officers (CFOs) as they feel increasingly exposed to nearly all categories of risk since the first quarter of 2022 (Q1 2022), according to Lockton's latest research.
CFOs are increasingly responsible for managing strategic business risks. However, many feel unprepared to deal with the magnitude and frequency of systematic risks. Therefore, Lockton teamed up with Financial Times company Longitude to survey 475 CFOs and senior finance leaders during Q1 and Q3 2022. The respondents represented companies with a minimum of US$100 million in revenue, 50 of which were based in Australia and 12 in New Zealand.
The report found that CFOs think their exposure to nearly 14 risk categories, especially technology and cybersecurity, has increased in the past six months.
“Increased interconnectivity and interdependence of systems, brought on by digitalisation and globalisation, has created an environment where one disaster can contribute to another. This is resulting in higher risk velocity: the speed by which a risk impacts a business and materialises,” said Lockton Pacific CEO Paul Marsden.
Read more: Lockton Re taps new senior broker
The report also found that:
Focusing on the top risks facing CFOs, Marsden explained that recent cyberattacks on a telecommunications company and a huge insurer in Australia demonstrated that major cyber events are not an isolated risk or issue.
“These events permeate into all parts of a business, and they spiral quickly. For the insurer, [it's] anticipating a $35m pre-tax hit to earnings for the first half of the financial year (not including any fines or extra compensation),” he said. “Furthermore, on the first day of trading after the database was hacked, [the insurer's] share market fell about $1.75 billion. Having declared [it] did not have cyber insurance because it was deemed too expensive, the insurer is now having to front a bill in the millions of dollars. Litigation risk is pressing with future shareholder class actions on the cards. These are the real impacts and outcomes of risk velocity.”
With risks hitting industries much faster, Marsden advised organisations to build business resilience by factoring risk velocity into traditional risk management models. However, businesses must accept that no plan is bulletproof, with history littered with failed crisis plans.
“The first step is to embrace a culture of risk management then prioritise building a robust team and manage expectations. Organisations need diverse teams of individuals coming together to openly discuss risks with clear support from the board,” Marsden said.