Tag:

Operational risk

Business

Cyber Insurance Premiums Drop Unexpectedly in 2025 | Risk.net

by Priya Shah – Business Editor
written by Priya Shah – Business Editor

Cyber insurance premiums unexpectedly declined in 2025, a reversal of expectations given the increasing sophistication and frequency of cyberattacks. Lockton, a global insurance broker, reported a portfolio-wide premium drop of 11% for the year, with the most significant reductions occurring in the first half of the year.

The decline comes after a period of substantial rate increases driven by a surge in ransomware attacks and other cyber incidents. Insurers had anticipated continued premium growth in 2025 as they reassessed market conditions and the evolving threat landscape. However, increased competition among carriers appears to be driving down prices, even as the overall risk environment remains elevated.

According to a report by Munich Re, the global cyber insurance market was projected to reach USD 16.3 billion in 2025. Despite the market’s growth, the insurance industry has demonstrated the capacity to withstand extreme cyber exposure scenarios, including widespread malware attacks and outages of cloud service providers. The July 2024 disruption caused by a faulty CrowdStrike update, impacting millions of Windows systems globally and disrupting critical infrastructure, underscored the vulnerability of the digital world, but did not immediately translate into higher premiums.

Risk Strategies’ 2025 outlook indicates that organizations with robust cybersecurity controls are experiencing premium decreases exceeding 20%, alongside expanded coverage options. Entities with solid controls can expect rate reductions of around 20%. Insurers are closely monitoring the utilize of artificial intelligence (AI), recognizing its potential to both enhance cybersecurity and be exploited by malicious actors. Companies leveraging AI to improve their security posture may qualify for more favorable rates and terms, with some carriers offering affirmative coverage related to AI risks.

The NAIC Cybersecurity Insurance Market Report notes that global cyber insurance premiums reached nearly $15 billion in 2024, a 7% increase from the previous year, with most of the growth occurring outside the U.S. This suggests a more competitive market in the United States, contributing to the observed premium declines.

While capacity remains available, ransomware attacks are showing signs of resurgence, prompting continued caution from insurers. Carriers are maintaining strict underwriting scrutiny, and organizations lacking adequate cybersecurity measures may face quote declinations or significant rate increases upon renewal.

0 comments
0 FacebookTwitterPinterestEmail
Business

Human Error Drives 50% of NZ Bank Operational Risks: 2007‑2023 Analysis

by Priya Shah – Business Editor
written by Priya Shah – Business Editor

Human Error Dominates Operational Risk in New Zealand Banking: A Deep Dive

Published: 2026/01/13 11:39:43

A recent, extensive case study analyzing over 5,000 operational risk incidents at a major New Zealand bank from 2007 to 2023 reveals a surprising truth: human factors are the primary driver of operational risk, accounting for more than half of all recorded incidents. This finding challenges the common assumption that technology failures pose the greatest threat in today’s rapidly digitizing banking landscape. The research, conducted within a concentrated and dual-regulated banking environment, offers valuable insights for risk management professionals and regulators alike, and establishes a robust methodology for similar analyses in other markets.

The Prevalence of Human Error

The study’s most striking finding is the dominance of human factors in operational risk. These factors encompass a wide range of issues, including inadequate training, procedural lapses, and simple errors in judgment. While technology failures certainly contribute to risk,they are demonstrably less frequent than incidents stemming from human actions or inactions. This isn’t to say technology is risk-free; rather,the sheer volume of human interaction within banking processes creates a larger surface area for potential errors.

Interestingly, the analysis also revealed that while human errors are common, they generally result in lower-severity outcomes. This suggests that existing controls often mitigate the impact of these errors before they escalate into notable losses. However, the sheer frequency of these incidents underscores the critical need for continuous investment in employee training, process betterment, and robust oversight mechanisms.

Beyond Frequency: Severity and Risk Type

The research didn’t stop at simply counting incidents. Regression analysis revealed distinct patterns based on the *type* of operational risk. Process-related risks – those stemming from flaws or inefficiencies in established procedures – were strongly associated with negative impacts on customers,financial performance,and regulatory compliance. This highlights the importance of streamlining processes, ensuring clear documentation, and implementing effective quality control measures.

System failures,while less frequent,were uniquely linked to reputational damage. However, this link proved to be context-dependent. When macroeconomic factors were taken into account, the association between system failures and reputational harm became statistically insignificant. This suggests that external economic conditions can amplify the impact of technology-related incidents, potentially due to increased customer sensitivity or heightened media scrutiny. The Reserve Bank of New Zealand plays a key role in overseeing these systemic risks.

The Evolving Regulatory Landscape

the study also examined how operational risk patterns evolved alongside significant regulatory changes in New Zealand. The introduction of the Financial Markets Conduct Act 2013 and the subsequent Financial Markets (Conduct of Institutions) Amendment Act 2022 coincided with shifts in the types and frequency of reported incidents. While the research doesn’t establish a direct causal link, it suggests that regulatory reforms can influence risk awareness and reporting practices within the banking sector.Banks are incentivized to improve their risk management frameworks to comply with these evolving standards.

Front-office focus: Where Risks Concentrate

A significant finding was the concentration of operational risk within front-office functions. Approximately 80% of all incidents originated in areas directly interacting with customers, such as client management, product sales, and business progress. This underscores the importance of robust controls and training programs for customer-facing staff. The high volume of transactions and interactions in these areas naturally creates more opportunities for errors or misconduct.

Six Key Areas of Operational Risk Concentration

A forensic review of around 400 material incidents identified six specific areas where operational risks are particularly concentrated:

  • Documentation Verification: Ensuring the accuracy and completeness of customer documentation.
  • customer Engagement: Managing interactions with customers in a compliant and ethical manner.
  • compliance Processes: Adhering to all relevant laws, regulations, and internal policies.
  • Fraud Prevention: Detecting and preventing fraudulent activities.
  • Payment Processing: Ensuring the accuracy and security of financial transactions.
  • Data Management: Protecting the confidentiality, integrity, and availability of customer data.

These six areas represent critical priorities for future risk mitigation efforts. While the study itself did not evaluate specific mitigation strategies, identifying these concentration areas provides a clear roadmap for targeted improvements.

Implications and Future Research

This research provides rare empirical evidence in a traditionally data-scarce domain. By leveraging incident-level data from a live banking environment,the study offers valuable insights that can inform risk management practices not only in New Zealand but also in other concentrated banking markets. The replicable methodology established by this research allows for confidential case studies to be conducted in similar settings, fostering a deeper understanding of operational risk dynamics.

Further research could explore the effectiveness of specific risk mitigation strategies in addressing the identified concentration areas. Investigating the impact of emerging technologies,such as artificial intelligence and machine learning,on operational risk management would also be valuable. Ultimately, a proactive and data-driven approach to operational risk is essential for maintaining the stability and integrity of the financial system.

Key Takeaways

  • Human factors are the dominant driver of operational risk in New Zealand banking, accounting for over 50% of incidents.
  • Process-related risks have significant impacts on customers, finances, and regulatory compliance.
  • System failures are uniquely linked to reputational damage, but this link is context-dependent.
  • Front-office functions are the primary source of operational risk incidents.
  • Six key areas – documentation verification, customer engagement, compliance, fraud prevention, payment processing, and data management – require focused risk mitigation efforts.
0 comments
0 FacebookTwitterPinterestEmail
@2025 - All Right Reserved.

Hosted by Byohosting Most Recommended Web Hosting – for complains, abuse, advertising contact: contact@world-today-news.com