Insurance chiefs rank cybersecurity as top risk priority for next year
A majority of insurance chief risk officers expect cybersecurity to demand the most attention over the next 12 months, with third-party and vendor cyber risk also ranking among their top five concerns, according to EY's third annual Global Insurance Risk Management Survey.
The findings reflect responses from CROs across different regions, business lines and organisation sizes. They reveal a risk environment shaped by geopolitical instability, technological change, climate pressures and shifting regulation - conditions that make risks emerge faster and spread wider across insurers' operations.
AI and automation reshape risk functions
Many CROs are prioritising generative AI-enabled risk management capabilities, with chatbot and large language model integration emerging as the most common application.
Most organisations plan to reduce manual roles within risk functions while increasing investment in data, analytics and AI skills. The workforce shift reflects growing demand for hybrid positions that combine risk expertise with data and AI capabilities.
Cyber risk integration and governance tightens
Insurers are consolidating cyber risk, third-party risk and operational resilience into more integrated frameworks. This includes expanding continuous monitoring, strengthening governance and running more scenario tests alongside closer oversight of third- and fourth-party relationships.
Governance and controls remain a core priority as AI adoption accelerates. CROs are updating control frameworks, clarifying accountability and introducing automated monitoring and testing capabilities to keep pace with diverging regulatory expectations across jurisdictions.
Data quality and centralisation become critical
Many CROs are prioritising improved access to high-quality, consistent data to enable more timely risk insights. Investment in centralised data platforms is helping organisations reduce fragmentation and support more effective use of advanced technologies.
The CRO role itself continues to shift toward a more strategic position, with greater involvement in business decision-making and organisational transformation. Firms that strengthen governance, build data capabilities and develop digitally skilled teams will be better positioned to manage increasing complexity and maintain resilience.
Your membership also unlocks:
