EY and IIF: Four in Five CROs Rank Cyber Among Top Risks

The insurance sector is confronting a rapid escalation in cyber threats, as evidenced by EY and the Institute of International Finance’s latest CRO survey. Eighty percent of respondents now rank cyber among their top five risks, reflecting heightened awareness of data breaches, ransomware, and the cascading effects on underwriting and claims. This heightened focus is reshaping boardroom discussions, pushing cyber risk to the forefront of strategic planning alongside traditional concerns such as regulatory compliance and market volatility.

Artificial intelligence is a double‑edged sword for insurers. While AI promises faster threat detection, models like Anthropic’s Mythos lower the barrier for sophisticated attacks, expanding the attack surface across vendor ecosystems. The survey highlights that 77% of CROs view third‑party and vendor cyber risk as a critical component, a trend amplified by AI‑driven automation that can exploit weak controls in supply chains. Regulators are also tightening data‑privacy mandates, compelling insurers to adopt more rigorous vendor‑governance frameworks to avoid costly penalties and reputational damage.

In response, insurers are earmarking substantial resources for risk‑technology upgrades. Over half plan to enhance risk appetite frameworks, stress‑testing, and scenario analysis, while 58% target advanced cyber‑risk platforms to improve detection, response, and integration with broader risk‑management systems. This strategic pivot toward infrastructure and talent development signals a move away from siloed fixes toward holistic, enterprise‑wide resilience, positioning insurers to better navigate the evolving cyber landscape.