Skip to main content
main content, press tab to continue
Article

Addressing the role of historic loss data in bridging the gap between perceived and actual operational risks

By Alicia Drewitt | October 31, 2024

Discover how historic loss data can enhance long-term resilience by bridging the gap between perceived and actual operational risks in our latest article from the operational risk solutions team.
Financial, Executive and Professional Risks (FINEX)
N/A

Welcome to the latest article in our Bridging the Gap blog series. This time we explore an intriguing question: Can historic loss data help narrow the gap between actual and perceived risk, especially when operational risks keep evolving?

What operational risks are worrying directors?

We recently surveyed directors at over 100 financial institutions worldwide; the results were fascinating. Directors listed a variety of concerns, from cyber events to regulatory breaches, health and safety issues to control challenges, with the top seven risks closely clustered in terms of perceived urgency. But do these concerns align with the risks their risk management teams are focusing on?

Does director concern match reality?

Our experience shows that many of the risks flagged by directors have severe forecasts but are low in likelihood. Take for example, Cyber risk which tops the list for financial institutions, according to our Global Directors’ and Officers’ Survey Report 2024. Over the last five years, we've seen a threefold increase in business disruption scenarios involving cyber threats. However, the overall exposure in terms of value of losses has not yet reached the level of other risks experienced by these organisations.

15% of loss events experienced by financial institutions are due to execution risks.

Whilst directors focus on these severe losses, risk managers must also focus on more frequent, though less severe events, which need constant monitoring to avoid a "death by a thousand cuts" scenario. One example is execution risk, which has consistently been a key operational risk, accounting for around 25% of financial institutions' key scenarios over the past decade and 15% of loss events.

With cyber losses expected to grow, directors face a critical question: Can historic data support the assessment of evolving operational risks?

Is historical data valuable in bridging the gap?

When your knowledge is limited to your own company's experiences, challenging internal risk perceptions can be tough. Similarly, headline loss figures seen externally often lack context and therefore applicability. However, breaking down these events into specific details can provide your organization with meaningful insights.

For instance, knowing a wealth manager faced a $210m loss after a data breach is informative. But understanding that 34% of the cost was settlement, 25% fines and penalties, 16% credit monitoring, and the rest notification costs, defence and professional fees, is actionable information.

Finding the right balance

Despite regulatory obligations, developing a robust risk management framework can be challenging due to a lack of data. For firms as they look to control risk, finding the right balance of information is key. We believe the following three factors are key to success and long term resilience:

  1. 01

    Leverage subject matter experts

    Subject matter experts are essential for a proactive risk outlook, identifying emerging risks and offering key insights. They should be encouraged to look beyond existing controls.

  2. 02

    Incorporate internal experience

    Internal event data is critical for risk identification and measurement. Including this data, even if limited, is vital for an accurate risk profile.

  3. 03

    Consider the broader experience of the industry

    Third-party claims data and industry experiences enhance scenario development, providing a comprehensive understanding of evolving risks and secondary costs.


Contact WTW today

To understand and access historical claims data for your specific firm, advice on how to incorporate this data into your risk strategy and help and support from our experts on how to bridge the gap between your risk and your insurance

Author


Head of Innovation and Acceleration – FINEX GB

SERVICE

Bridging the gap between risk and insurance

Determining the right amount of insurance coverage for your business is crucial. Too little, and you're exposed; too much, and you're paying for protection you don't need. Our Operational Risk Solutions can help you identify, quantify, and transfer risks and recommend the optimal level of insurance for your organisation's risk landscape.

Contact us