Revealed – top emerging threats for banks and insurers

One risk has stood at the top for four consecutive years

Revealed – top emerging threats for banks and insurers

Risk Management News

By Josh Recamara

Geopolitical uncertainty is the primary driver of emerging threats for banks and insurers, according to the 2025 ORX Horizon and Cyber Horizon reports.

The reports, based on input from 47 global financial services firms, ranked cybercrime as the top risk for the fourth consecutive year, placing it ahead of other risk categories by a significant margin. Published by ORX, an operational risk association, it identified technology & digital strategy and business service disruption as the second and third most significant risks.

Geopolitical risk

Firms surveyed in the reports highlighted geopolitical tensions and political instability as major contributors to cybercrime, particularly threats linked to nation-state activities, including cloud service provider compromises and state-sponsored cyberattacks. The development of artificial intelligence is further increasing the complexity, frequency, and severity of these threats.

“Conversations with the ORX community suggest that while their firms feel well equipped to handle cyber threats, many view their suppliers as less mature in this space, particularly smaller vendors,” said Steve Bishop, research and information director at ORX.

“This is compounded by geopolitical instabilities that could impact the supply chain, the lack of global regulatory alignment, regulatory pressures such as DORA, CPS230, Basel III, BCB239 and challenges with overseeing third-party control environments,” he added.

Top cyber threats

Third-party compromise was identified as the top emerging cyber threat in both the short- and long-term, with 92% of firms ranking it among their top five concerns for the next six to 12 months.

Ransomware attacks were the second-highest concern for 76% of firms in the short-term and 60% in the long-term. While the likelihood of a successful ransomware attack was considered low, the potential impact on business operations, customers, reputation, and finances was a key concern. Regulatory requirements are also influencing the focus on ransomware risks.

The Cyber Horizon report also highlighted the prominence of AI-related threats over the next 12 to 36 months. AI-enabled fraud, including deepfakes, rose from ninth to fourth place, while attacks on AI models moved from 15th to 11th.

AI was also noted as a factor influencing cyber threats. It is reducing barriers to entry and increasing the volume and speed of attacks. It is also enhancing attack methods, including AI-enabled spear phishing and more convincing deepfake scams.

“Since collecting the data for these reviews between November and December 2024, there have already been several significant geopolitical and regulatory developments bringing more uncertainty,” Bishop added. “The US has a new administration, the German government has recently collapsed over fiscal policy disputes, and instability in the Middle East continues. We can expect the themes presented in this report to evolve at pace over the next 12 months.”

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!