A majority of insurance chief risk officers (CROs) expect cybersecurity to be a top concern over the next 12 months, with a significant proportion also ranking third-party and vendor cyber risk among their top five concerns, according to survey results from professional services firm EY.
The company reports that many CROs are prioritizing AI-based risk management capabilities, with chatbots and large language model integration becoming the most common applications.
At the same time, most organizations expect to reduce manual roles in risk functions and increase investment in data, analytics and artificial intelligence skills.
The findings come from EY’s third annual Global Insurance Risk Management Survey, conducted in partnership with the Institute of International Finance (IIF).
The report, authored by EY Americas Insurance Non-Financial Risk Leader Stu Doyle and EY Global Insurance Leader and EY Hong Kong Financial Services Leader Jonathan Zhu, reflects responses from CROs across geographies, business lines and organizational sizes.
Ernst & Young said the findings show that increasing speed, complexity and interconnectedness are creating a risk environment. Geopolitical developments, technological change, climate pressures and changing regulations combine to create risks that emerge more suddenly and spread more widely across organizations.
Ernst & Young reports that cyber risks, operational resilience, artificial intelligence and third-party dependencies have become a focus for businesses. Ernst & Young said the survey shows insurers are shifting their focus from managing traditional risks to anticipating how disruption and innovation will reshape their business models and operations.
In response to escalating cyber threats, EY found that insurers are integrating cyber risk, third-party risk and operational resilience into a more integrated framework. This includes expanded ongoing monitoring, enhanced governance and increased scenario testing, as well as closer oversight of third- and fourth-party relationships.
EY also emphasized that governance and controls remain core priorities, particularly as AI adoption accelerates and regulatory expectations continue to vary across jurisdictions. Insurers are updating their control frameworks to clarify responsibilities and introduce more automated monitoring and testing capabilities, EY said.
Data remains a key area of focus. EY reports that many CROs are prioritizing improving access to high-quality, consistent data to enable more timely and actionable risk insights. Investments in centralized data platforms are helping organizations address fragmentation and enable more effective use of advanced technologies.
EY said the survey further shows that the risk workforce is undergoing structural changes. CROs expect automation to reduce routine tasks, while demand for skills such as data literacy, digital expertise and business understanding continues to grow. EY noted that hybrid roles combining risk, data and AI capabilities are expected to become more prominent.
EY concluded that the role of the chief risk officer is evolving into a more strategic position, more involved in business decisions and organizational transformation.
Companies that strengthen governance, enhance data capabilities and build digitally skilled teams will be better able to manage increasing complexity and remain resilient in a rapidly changing risk environment, EY said.