More than half of CFOs globally, including those in Australia, have changed their risk management approach under pressure from the “velocity” of evolving threats confronting them, research by insurance broker Lockton has found.
About 66% say their risk attitude has changed since the start of the year, in response to the increase in risk exposure.
The cyber breaches on Optus and Medibank reflect the magnitude of risks facing CFOs, who say they aren’t prepared to deal with the myriad of systemic challenges, a list that includes supply chain disruptions, technology, geopolitical tensions and litigation threats.
“In Australia, recent cyber attacks on a telecommunications company and a major insurer demonstrate when a major cyber event occurs, it’s not an isolated risk or issue,” Lockton Pacific CEO Paul Marsden said.
“These events permeate into all parts of a business and they spiral quickly.”
Mr Marsden says in the case of Medibank, which confirmed it did not have cyber insurance, the insurer is now “having to front a bill in the millions of dollars”.
“Litigation risk is pressing with future shareholder class actions on the cards,” he said. “These are the real impacts and outcomes of risk velocity.”
The Lockton report is based on a survey of 475 CFOs and senior finance leaders, including 50 in Australia and 12 in New Zealand. The respondents represent companies with a minimum of $US100 million ($149 million) in annual revenue and come from sectors such as energy, financial services, healthcare and telecoms.
In other key findings, the survey shows a major shift in risk perception between the first quarter of this year and third quarter.
The survey says CFOs’ concerns regarding risk velocity have exponentially increased across technology, cybersecurity and people risks during the period.
About 67% of respondents are most concerned with technology risk, followed by cyber security (37%), people risk (31%), economic risk (14%) and supply chain risk (6%).
“The reality for today’s businesses is that they will be dealing regularly with risk events for which there is no specific playbook,” the Lockton report says.
“Organisations will continue to face a disruptive, complex, and dynamic landscape. Decision-makers will need to ensure their operating model is resilient and flexible enough to take account of a quick pivot in strategy.”
Lockton says the survey findings demonstrates the view that increasing risk velocity should transform the way CFOs view and respond to risk events, in order to create a sustainable organisation.