Treasury and finance professionals believe that cyber risk is the most challenging risk to manage and will continue to be for the foreseeable future, according to the 2020 AFP Risk Survey, supported by Marsh & McLennan.

In a poll of nearly 365 practitioners, the survey found that 53% report that cyber security risk is currently the most challenging risk to manage. Additionally, fully 51% of respondents believe that three years from now the task of managing cyber security risks will continue to be the most complex risk to manage. Cyber security risks are an example of the evolving risk landscape; a decade ago, only 12% of survey respondents cited cyber risk as difficult to control. Although organisations are ramping up systems internally, they are faced with controlling increasingly malicious cyberattacks and an increase in the number of those committing crimes.

Survey results also revealed the risks that financial professionals believe will have the greatest impact on earnings in the next three years. Strategic risks (such as competitors, industry disruptions, for example)  topped the list (40%), followed by financial risks (35%), political risks and regulatory uncertainty within the US (33%), and macroeconomic risks (31%).

With 2020 being a presidential election year in the US, a possible change in the administration creates some level of uncertainty. Additionally, there is some concern that the US economy may be facing some headwinds, and interest rate cuts by the Federal Reserve Board late last year have done little to allay the fears of business leaders about financial and macroeconomic risks impacting organisations’ earnings. Fully 57% of treasury professionals revealed that they are concerned about upcoming economic uncertainty in the US, with 19% indicating that they are very concerned. Similarly, 58% of corporate practitioners said they were nervous about the global economy.

The good news is that as the risk landscape is evolving, companies appear to be adapting accordingly, performing thorough and regular risk assessments. Fully 37% of organisations have a dedicated function actively assessing risk and reporting it regularly, while 29% have a process through which individual functions assess and report risk.  Other companies are more informal in their risk assessment process, with 23% stating their organisation assesses risk only when the need arises.  

“Today, organisations have to grapple with multiple risks,” said Jim Kaitz, president and CEO of AFP. “Cyber risk flew under the radar a decade ago, but financial professionals now understand that they will still be struggling with controlling this risk for the foreseeable future. Over time, we are sure to see risks continue to evolve and risk managers will need to adapt accordingly.”   

“While financial leaders are better prepared to manage known risks, the survey data points to the need to improve the ability to systematically identify new, emerging risks and analysis of known risks, such as cyber and extreme weather,” commented Alex Wittenberg, executive director at Marsh & McLennan Advantage. “Few organisations have adopted formal processes for engaging senior leadership and the board in a discussion of how an increasingly uncertain environment will impact strategy decisions.”