Cybersecurity remains the top risk for European banks, as heightened geopolitics increases the perceived threat of cyber warfare | EY
- 82% of European Chief Risk Officers (CROs) believe cybersecurity presents the biggest risk to their business in 2024
- 71% of European CROs are concerned specifically about cyber warfare between nation-states as geopolitics remain heightened
- Over a five-year time horizon, the leading emerging risks for banking CROs are climate (76%), machine learning (53%) and IT legacy system (47%)
For the second consecutive year, the EY and Institute of International Finance (IIF) Bank Risk Management Survey finds that cybersecurity is the top concern for European banking Chief Risk Officers (CROs).
The survey, which uses sentiment data from 17 large European banks, finds that 82% of European CROs rank cybersecurity risk as the biggest threat to their business over the next 12 months (relative to 73% globally), and 71% believe cyber warfare between nation-states is becoming an increasingly real threat.
The challenging geopolitical environment is also leading to European banking CROs voicing concerns about global sanctions and operational resilience, and 82% of respondents believe geopolitical risks will increase this year.
Omar Ali, EY EMEIA Financial Services Managing Partner, comments: “Europe’s banks continue to operate in an environment in flux. Geopolitical tensions, anticipation of election outcomes, continued war in Europe and increasing unrest in the Middle East are adding volatility to an already challenging economic environment, where inflationary pressures remain and interest rates have not yet started falling. It is unsurprising therefore that so many CROs are calling out cyber as the biggest risk again this year, and that with heightened threat levels as standard, it is an ongoing agenda item for boards. The best defense against cyber risk is increasing operational resilience on an ongoing basis. The EU’s Digital Operational Resilience Act (DORA) is driving significant activity here, helping firms to mitigate disruption, keep pace with increasingly complex risks, and instill greater internal stability and security.”
Climate is the biggest emerging risk for Europe’s banks
When asked about material risks over a five-year period, almost three quarters (76%) of European banking CROs believe climate risk presents the biggest emerging threat to operations, relative to 56% globally. While still a top-five issue, a smaller 53% of respondents say they have concerns about AI and machine learning risks and 47% about IT legacy systems risks.
European banking CROs consider climate change to present such a level of risk that over half (59%) of respondents believe it requires the direct attention of the board.
Nigel Moden, EY EMEIA Banking and Capital Markets Leader, comments: “Climate risk is high on the agenda of every European banking CRO, and has the attention of both boardrooms and regulators. The perception of heightened climate risk is only going to increase as the impacts on the environment become increasingly visible.
“European banks are committed to net zero transition journeys, leading to more innovative ESG-linked products like carbon trading platforms. While many are making progress to meet key sustainable finance commitments, we are still some way from the finish line and banks must continue to take action.”
Martin Boer, Senior Director, Regulatory Affairs at the IIF, said: “We’re seeing a paradigm shift where interconnected risks have become endemic to the banking sector – as it has in nearly every industry. This change calls for a holistic, proactive and resilient approach in risk management, adapting to ongoing challenges in cybersecurity, credit, and environmental risks amid increasing global uncertainties.”
Notes to Editors
About the survey
The global EY organization, in conjunction with the IIF, surveyed IIF member firms and other banks in each region globally (including a small number of material subsidiaries that are top-five banks in their home countries) from June 2023 through October 2023.
Participating banks’ CROs or other senior risk executives were interviewed, completed a survey, or both. In total, 85 financial institutions across 30 countries participated. Participating banks were fairly diverse in terms of asset size, geographic reach and type of bank. Regionally, those banks were headquartered in Asia-Pacific (14%), Europe (20%), Latin America (14%), Middle East and Africa (18%) and North America (34%). Of those, 12% are globally systemically important banks (G-SIBs).