Top risks facing CFOs in 2022

Top risks facing CFOs in 2022

The report found that CFOs think their exposure to nearly 14 risk categories, especially technology and cybersecurity, has increased in the past six months.

“Increased interconnectivity and interdependence of systems, brought on by digitalisation and globalisation, has created an environment where one disaster can contribute to another. This is resulting in higher risk velocity: the speed by which a risk impacts a business and materialises,” said Lockton Pacific CEO Paul Marsden.

Read more: Lockton Re taps new senior broker

The report also found that:


66% of CFOs changed their approach to risk management from Q1 to Q3 due to the velocity of risk;
High-profile cyber events in 2022 capture the essence of risk velocity – what starts as an isolated cyber risk spirals into brand and reputation risk, litigation risk, regulatory and compliance risk, etc.; and
54% of CFOs think the velocity of risk is of greater concern than risk likelihood or impact.

Focusing on the top risks facing CFOs, Marsden explained that recent cyberattacks on a telecommunications company and a huge insurer in Australia demonstrated that major cyber events are not an isolated risk or issue.

“These events permeate into all parts of a business, and they spiral quickly. For the insurer, [it’s] anticipating a $35m pre-tax hit to earnings for the first half of the financial year (not including any fines or extra compensation),” he said. “Furthermore, on the first day of trading after the database was hacked, [the insurer’s] share market fell about $1.75 billion. Having declared [it] did not have cyber insurance because it was deemed too expensive, the insurer is now having to front a bill in the millions of dollars. Litigation risk is pressing with future shareholder class actions on the cards. These are the real impacts and outcomes of risk velocity.”

See also  CSIO publishes requirements to quote and bind two new segments

With risks hitting industries much faster, Marsden advised organisations to build business resilience by factoring risk velocity into traditional risk management models. However, businesses must accept that no plan is bulletproof, with history littered with failed crisis plans.

“The first step is to embrace a culture of risk management then prioritise building a robust team and manage expectations. Organisations need diverse teams of individuals coming together to openly discuss risks with clear support from the board,” Marsden said.