Welcome to the latest article in our Bridging the Gap blog series. This time we explore an intriguing question: Can historic loss data help narrow the gap between actual and perceived risk, especially when operational risks keep evolving?
We recently surveyed directors at over 100 financial institutions worldwide; the results were fascinating. Directors listed a variety of concerns, from cyber events to regulatory breaches, health and safety issues to control challenges, with the top seven risks closely clustered in terms of perceived urgency. But do these concerns align with the risks their risk management teams are focusing on?
Our experience shows that many of the risks flagged by directors have severe forecasts but are low in likelihood. Take, for example, cyber risk, which tops the list for financial institutions, according to our Global Directors’ and Officers’ Survey Report 2024. Over the last five years, we've seen a threefold increase in business disruption scenarios involving cyber threats. However, the overall exposure in terms of value of losses has not yet reached the level of other risks experienced by these organisations.
15% of loss events experienced by financial institutions are due to execution risks.
Whilst directors focus on these severe losses, risk managers must also focus on more frequent, though less severe, events, which need constant monitoring to avoid a "death by a thousand cuts" scenario. One example is execution risk, which has consistently been a key operational risk, accounting for around 25% of financial institutions' key scenarios over the past decade and 15% of loss events.
With cyber losses expected to grow, directors face a critical question: Can historic data support the assessment of evolving operational risks?
When your knowledge is limited to your own company's experiences, challenging internal risk perceptions can be tough. Similarly, headline loss figures seen externally often lack context and therefore applicability. However, breaking down these events into specific details can provide your organization with meaningful insights.
For instance, knowing a wealth manager faced a $210m loss after a data breach is informative. But understanding that 34% of the cost was settlement, 25% fines and penalties, 16% credit monitoring, and the rest notification costs, defence and professional fees, is actionable information.
Despite regulatory obligations, developing a robust risk management framework can be challenging due to a lack of data. For firms looking to control risk, finding the right balance of information is key. We believe the following three factors are key to success and long-term resilience:
01. Subject matter experts are essential for a proactive risk outlook, identifying emerging risks and offering key insights. They should be encouraged to look beyond existing controls.
02. Internal event data is critical for risk identification and measurement. Including this data, even if limited, is vital for an accurate risk profile.
03. Third-party claims data and industry experiences enhance scenario development, providing a comprehensive understanding of evolving risks and secondary costs.
To understand and access historical claims data for your specific firm, advice on how to incorporate this data into your risk strategy and help and support from our experts on how to bridge the gap between your risk and your insurance