Cybersecurity remains number one risk for global banks, as financial risk moves back up the agenda

February 06, 2024
  • 13th EY and IIF survey finds 73% of global chief risk officers (CROs) view cybersecurity as the top year-ahead risk heightened by geopolitical tensions
  • Global banking CROs see climate risk, artificial intelligence and machine learning as emerging risk priorities for regulators over the next five years 
  • Liquidity ranks as top financial risk for CROs for the next 12 months


WASHINGTON, D.C. AND LONDON – Amid unprecedented levels of volatility and global uncertainty, cybersecurity has remained at the top of the list of near-term risks for banks around the world for the second consecutive year, according to the latest EY and Institute of International Finance (IIF) bank risk management survey.

The 13th edition of this joint report is based on survey data from 85 banks across 30 countries and highlights the issues chief risk officers (CROs) and other senior risk executives view as the most pressing for their organizations now, and in the future.

Today’s CROs face increased complexity caused by overlapping and correlated risks, nearly all of which seem to be increasing in urgency. In the short term, nearly three out of four CRO respondents identified cybersecurity risk as their top concern over the next 12 months (73%), in addition to two-thirds (66%) of respondents naming liquidity as the top financial risk for the next year.

Jan Bellens, EY Global Banking & Capital Markets Sector Leader, says:

“Banking CROs need to build numerous competing priorities into their strategic agenda in 2024, while navigating endemic risks in a volatile market. The events of 2023 have illustrated that financial risks are resurgent, so it’s no surprise to see liquidity climbing the ranks during times of macroeconomic uncertainty. Elsewhere, 2024 will be a pivotal year for reskilling and building a pipeline of talent to tackle emerging risks, including the deployment of AI and fragmentation of regulation.”

Reducing and understanding risk exposures

The survey highlights that more than half (56%) of CRO respondents see environmental risk as a top-five issue that will demand CRO attention during the next three years, up from 37% in last year’s survey. Despite climate risk increasing in importance, only 6% have a complete understanding of climate risk exposure, and 49% of CRO respondents report that their organizations stated they only had a preliminary understanding of their exposure to climate risk.

While cybersecurity remains the main concern for CROs, the threats from cyber are constantly morphing with evolving links to geopolitical, technology and third-party risks. The number of CROs concerned about increased cyber attacks manifesting from geopolitical risk rose from 62% last year to 69% this year; this pressure is further compounded by the challenge of attracting cybersecurity talent (62%), and more than half (56%) of CROs stating cybersecurity will be the most important skill set in the next five years.

Additionally, data and technology concerns persist as long-term priorities in the rapidly digitizing banking sector, with more than a third (39%) of CRO respondents highlight industry disruption from new technologies as crucial for risk management in the next five years. Artificial intelligence (AI) and machine learning risks have surged among CROs – up from 13% to 38% since last year. This suggests that wider AI deployments may pose a tangible day-to-day risk in the near future.

Martin Boer, Senior Director, Regulatory Affairs at the IIF, says:

"We’re seeing a paradigm shift where interconnected risks have become endemic to the banking sector – as it has in nearly every industry. This change calls for a holistic, proactive and resilient approach in risk management, adapting to ongoing challenges in cybersecurity, credit and environmental risks amid increasing global uncertainties.”

Geopolitical tensions create uncertainty

Geopolitical risk is evolving. Looking beyond armed conflicts, trade tensions and disrupted supply chains could all hurt the industry. Increased cyber attacks (cited by 69% of CROs), a global economic slowdown (67%) and increased market volatility (65%) were cited as the most likely manifestations of geopolitical risk. Geopolitical risks play out differently by region, with almost three-quarters (73%) of Asia-Pacific CRO respondents concerned about changes to the global trade environment, compared to 59% in Europe and 38% in North America. However, CROs respondents in Asia-Pacific (73%), North America (72%) and Europe (71%) share the concern that cyber warfare between nation states is the principal risk.

Additional notable findings from the survey include:

  • In 2015 and 2016, regulatory risk was the top CRO priority, but over the years it fell to the middle of the pack. This year, it re-emerges as a top priority – the second most important for the next 12 months. The events of early 2023 increased CRO expectations for supervisory scrutiny in the US and elsewhere, and only 10% of CRO respondents report that their institutions are fully prepared for Basel III finalization, while 11% have not yet kicked off their implementation efforts. 
  • Only 35% of CRO respondents are involved as stakeholders in enterprise-wide initiatives regarding adoption of transformative technologies like AI and machine learning. This is a missed opportunity to advise the business and may lead to heightened technology risk in the future.
  • CRO respondents are also very concerned about talent and culture risks, with 66% of them noting that talent is one of the most significant long-term risks facing the banking industry – up from 57% last year.
  • Liquidity risk was named by two-thirds of CRO respondents (66%) as the top financial risk for the next year, followed by consumer/retail credit risk (56%), wholesale credit risk (52%) and interest rate risk for the banking book (48%).

For more information, read the full report.


About the Institute of International Finance (IIF)

The Institute of International Finance (IIF) is the global association of the financial industry, with about 400 members from more than 60 countries. The IIF provides its members with innovative research, unparalleled global advocacy, and access to leading industry events that leverage its influential network. Its mission is to support the financial industry in the prudent management of risks; to develop sound industry practices; and to advocate for regulatory, financial and economic policies that are in the broad interests of its members and foster global financial stability and sustainable economic growth. IIF members include commercial and investment banks, asset managers, insurance companies, professional services firms, exchanges, sovereign wealth funds, hedge funds, central banks and development banks. To learn more about IIF, please visit, follow us on TwitterLinkedIn or YouTube, or check out IIF’s podcasts.

About EY

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. Information about how EY collects and uses personal data and a description of the rights individuals have under data protection legislation are available via EY member firms do not practice law where prohibited by local laws. For more information about our organization, please visit

This news release has been issued by EYGM Limited, a member of the global EY organization that also does not provide any services to clients.

About the survey

The global EY organization, in conjunction with the IIF, surveyed IIF member firms and other banks in each region globally (including a small number of material subsidiaries that are top-five banks in their home countries) from June 2023 through October 2023.

Participating banks’ CROs or other senior risk executives were interviewed, completed a survey, or both. In total, 85 financial institutions across 30 countries participated. Participating banks were fairly diverse in terms of asset size, geographic reach and type of bank. Regionally, those banks were headquartered in Asia-Pacific (14%), Europe (20%), Latin America (14%), Middle East and Africa (18%) and North America (34%). Of those, 12% are globally systemically important banks (G-SIBs).