FERMA’s latest global risk management survey highlights the greatest challenges facing the risk management profession

Risk managers still see cyber as the biggest risk facing their organisations, but they fear the impact of climate change is set to dwarf the risks from technology in the next decade.

As the FERMA Forum 2024 opened in Madrid the association released the latest version of its Risk Manager Survey, produced in partnership with PwC.

54082882501_2593dfc2fc_o

This year, the survey went global with respondents from 70 countries; however, the risks remain the same. Once again, cyber risk presented the biggest concern for risk managers.

However, the association said there is now a fundamental change in the risk management sector.

The results of the survey show that organisations are having to manage varying threats across different time horizons. The report found that over the next 12 months, the top five risks for companies include cyber-attacks, geopolitical uncertainties, uncertain economic growth, talent management and data breach.

Extending the period to three years, the top concerns shift to regulation and the speed of technological change, while the geopolitical environment continues to be a critical area of concern. While at 10 years, the study reveals an exclusive risk focus on environmental challenges, with climate change adaptation, carbon neutrality transition, and natural disasters listed at the top three risks for organisations.

“In a climate of polycrisis and interconnected risk, companies must adopt more integrated and unified risk management frameworks to manage such a spectrum of threats across multiple different timeframes,” said Charlotte Hedemark, president, FERMA.

“As illustrated by the survey results, the risk manager’s role in this evolving context is becoming more strategic, with practitioners interacting more at Board level, as well as having increased responsibilities and greater input into corporate strategy and direction.”

As such FERMA said organisations of all sizes have to integrate a more holistic risk management framework aligned with overall corporate strategy to address both the immediate threats posed by cyber-attacks and geopolitical and economic uncertainty, plus the longer-term risks of technology shifts, regulatory developments and climate change.

Risk managers are also having greater say in the boardroom with the survey finding the growing prominence of the risk management function at the strategic level, as well as a broadening of the scope of responsibilities undertaken by risk professionals.

For instance, 88% of respondents have responsibilities beyond risk management. However, the findings also demonstrate that there is more that needs to be done to establish a clear position for the risk manager within the boardroom.

According to the findings, almost half of risk managers are either a permanent member of, or are invited to and participate in, board and executive committees, compared to approximately one third in the Risk Managers Survey in 2022, showing the increasing importance of the risk management function at the decision-making core of organisations.

Analysis of the expanding focus of risk managers within the corporate strategy reveals evolving priorities, including:

  • 70% of respondents work on strategic risks response, a 9% increase from 2022.
  • 53% analyse sustainability risks and impacts, up from 40% in 2022.
  • The discovery of opportunities related to strategic risks increased from 28% in 2022 to 47%.

“This shift reflects an improving alignment between risk management and corporate strategy, as organisations move towards fully embedded risk-based approaches to adapt business strategies and explore opportunities,” The survey added. “Key areas that risk managers are providing input on include disruption risks (50%), geopolitical risks (44%), and scenario testing for business plans (37%).”

Risk managers also have a more prominent role in managing ESG risks, with 57% of respondents involved in assessing ESG-related risks, up 22% on 2022, reflecting the synergy in addressing sustainability and ethical practices alongside traditional risk management activities. As a result, integration between risk management and sustainability / ESG is listed as the main area of investment for both the next 1 to 2 years, and the next 3 to 5 years, showing the drive to mature in this area.

There is also a significant rise in respondents’ focus on risk analysis, framework definition and reporting, with practitioners also actively participating in ESG committees. However, the survey reveals that quantifying sustainability risks remains the number one ESG challenge for 58% of respondents, while 49% highlight the limited data available to support ESG analysis/monitoring and therefore quantify risk impact.

While climate change adaptation is the top long-term risk for organisations, the findings show it is ranked third among risks not considered to be “adequately treated”. As a result, evaluating climate risks and impacts remains a top priority, with 60% of organisations identifying climate change risks in their risk maps, while quantifying the physical climate change risks is a top three activity for risk managers.

However, Hedemark said there were worrying signs that risk managers were growing far less confident that they will be able to mitigate or transfer risks in the traditional insurance market.

“Risk managers recognise the increasing influence of economic shifts, geopolitical uncertainty, regulatory developments, and the changing risk environment on insurance market dynamics,” she explained. “In response, they are advising organisations appropriately and taking considered and necessary actions to adapt their buying strategies and prevention activities, particularly given expectations of further market hardening.”

The survey found 53% of respondents believe that key business activities and locations will become uninsurable, up from 41% in 2022.

Drilling down into the risks cited as most likely to become uninsurable, respondents cited climate change physical risks and natural disasters (73%), cyber-attacks (55%) and supply chain disruption (including raw materials) (34%).