Willis Towers Watson (WTW) has released a new report exploring the potential for historic loss data to help financial institutions narrow gaps between perceived and actual operational risks.
Part of the firm’s “Bridging the Gap” series, the report investigates how evolving operational threats are reshaping risk management priorities.
WTW's recent survey gathered insights from over 100 directors at financial institutions globally, capturing their concerns about a range of risks – from cyber threats to regulatory breaches, health and safety issues, and internal control lapses.
Interestingly, directors placed these top risks in close order of importance. However, WTW raises a key question: Are these high-level concerns fully aligned with the priorities risk management teams face daily?
According to the report, many of the risks that directors prioritise are severe in potential impact but lower in probability. For instance, cyber risk ranked highest among concerns for financial institutions in WTW’s 2024 Global Directors’ and Officers’ Survey Report.
While cyber threats have resulted in a threefold increase in disruption scenarios over the past five years, the financial exposure remains lower than other, more frequent operational issues.
Risk managers, meanwhile, often focus on the cumulative financial effects of smaller, recurring issues, which can add up over time.
Execution risk, for example, has been a leading operational concern in recent years, making up around 25% of key risk scenarios and 15% of loss events among financial institutions. This kind of ongoing risk requires close monitoring to prevent a slow accumulation of financial impact, described by WTW as “death by a thousand cuts.”
The growing cyber threat has led directors to examine how historical data might help in evaluating evolving risks.
WTW noted, however, that historical data can be challenging to interpret without detailed breakdowns of specific incidents.
For example, knowing that a wealth manager incurred a $210 million loss from a data breach offers limited insight without understanding that the costs involved included 34% for settlement, 25% for fines, 16% for credit monitoring, and the remainder for notification, legal defence, and other expenses. Such breakdowns offer more actionable insights for decision-makers seeking to strengthen risk frameworks.
To improve resilience and balance information needs, WTW identified three key strategies for a robust risk management framework:
WTW’s findings highlighted the importance of integrating detailed loss data into risk management practices.