Cyber Risk Is a Growing Concern for Financial Professionals
A decade ago, the U.S. economy was recovering from a severe recession, and financial leaders were struggling to get their businesses to return to normalcy. Managing the risks that arose as a consequence of that downturn was key for them. Those concerns have dissipated considerably, as the 2020 AFP Risk Survey, supported by Marsh & McLennan, found that currently only 30% consider financial risk difficult to manage, a significant drop from 51% in 2009.
In its place is cyber risk. A majority of this same group of treasury and financial professionals report that cyber risk is the most challenging risk to manage today, though a decade ago it wasn’t creating much concern. This reflects how the risk landscape has shifted in the last 10 years.
The survey was conducted before the outbreak of COVID-19; were treasury and finance professionals to be polled on their top risks today, the pandemic would surely top the list. However, black swans like the coronavirus are not the norm, whereas cyber risk is a constant threat that will continue to plague companies for years to come.
Cyber Risk Increases
Cyber risk is only getting worse, and treasury and finance professionals are aware. More than half of the respondents to the AFP Risk Survey view it as the most challenging risk to manage and believe it will continue to be for the foreseeable future.
These results aren’t much of a surprise to anyone who is paying attention. According to the AFP Cyberrisk Survey conducted in October 2019 at the AFP Annual Conference, 88% of corporate practitioners’ organizations were targeted by attempted or actual cyberattacks in the 18 months prior to the survey.
The risk survey, which gathered nearly 365 responses, found that 53% of financial professionals view cybersecurity risk as the most challenging risk to manage. And nearly the same amount predict that three years from now, it will continue to be the most complex risk to manage. It may come as a shock to know that just a decade ago, only 12% of respondents to the AFP Risk Survey cited cyber risk as difficult to control.
The good news is that financial professionals recognize the threat and are taking action to meet it head on. The survey revealed that by 2022, practitioners expect to be making substantial efforts to control these risks. Furthermore, the survey found that responsibility for cyber risk has gone beyond IT and is now shared across the organization.
Financial professionals appear to believe that their organizations are prepared to manage risk; but as much as financial professionals prepare, the unexpected will always occur.
Impact on Earnings
The survey results looked at the risks that are believed to have the greatest impact on earnings in the next three years. These include strategic risk at 40%, followed by financial risks (35%), political and regulatory uncertainty within the U.S. (33%), and macroeconomic risks (31%).
There is a link between strategic risk and technology disruption risks — early adopters or new entrants changing competition dynamics (e.g., the Amazon effect across industries and fintech providers’ impact on banks’ business models and profitability). Financial professionals can manage strategic risk through investment in key business areas, diversification of business prospects, mergers/divestitures, and building out the supply chain to better match the organization’s footprint and strategic needs.
Uncertainty about the presidential election in the United States and potential regulatory changes thereafter are contributing to concerns about political and regulatory risk. And there is also concern that the U.S. economy may be headed for a shakeup; interest rate cuts by the Fed last year have done little to alleviate concerns that macroeconomic and financial risks could hurt corporate earnings. More than half of survey respondents are concerned about upcoming economic uncertainty in the U.S., with 19% indicating that they are very concerned. Fifty-eight percent are also nervous about the global economy.
At the time of the survey, factors like negative interest rates in Europe, Brexit and the U.S./China trade war likely factored into survey respondents’ answers. Since that time, a clearer path forward toward Brexit and a “phase one” trade deal between the U.S. and China have alleviated some of those concerns. However, in the last couple of months, the coronavirus epidemic has emerged, creating tremendous uncertainty. In response, companies have been forced to alter their supply chains and discretionary spending and may need to revise their outlook.
Adapting to the Risk Landscape
The risk landscape has continued to evolve, and companies have been changing with it: 38% of respondents said their organizations have a function dedicated to actively assessing risk and reporting it regularly, and 29% said they have a process through which individual functions assess and report risk. Fully 23% said that their organization assesses risk only when the need arises, and 9% have no formal risk assessment process in place.
Financial professionals polled in the 2020 AFP Risk Survey appear to believe that their organizations are prepared to manage risk. But as much as financial professionals prepare, the unexpected will always occur. As previously noted, cybersecurity was a blip on the radar only a decade ago, but now it tops the list as organizations struggle to stay ahead of the cybercriminals. Ultimately, organizations need effective and comprehensive risk management if they want to stay ahead of the curve.
The 2020 AFP Risk Survey, supported by Marsh & McLennan, is available here.