EY and Institute of International Finance survey reveals cybersecurity and AI are reshaping risk leadership in global insurance sector

Posted on 27, April 2026 by | This entry was posted in Artificial Intelligence (AI), Business, Financial, Government, Industrial, Infrastructure & Utilities, Insurance, Investment, Management, Marketing, Security & Safety, Technology, United Kingdom and tagged , , , , , , , , , , , , , , , , , . Bookmark the permalink.

Fiber optic cables transmitting data, creating a data tree, symbolizing the growth and interconnectedness of information in the digital age

(IN BRIEF) The EY and Institute of International Finance Global Insurance Risk Management Survey reveals that cybersecurity remains the top concern for insurance chief risk officers, driven by increasing complexity, geopolitical tensions, and evolving digital threats. The report highlights growing adoption of artificial intelligence in risk management, alongside stronger governance frameworks to address associated risks. Operational resilience has become a key board-level priority, with organisations investing more in cyber resilience, business continuity, and third-party risk management. At the same time, risk governance models are becoming more integrated and enterprise-wide. The role of the CRO is also evolving, with risk leaders taking on a more strategic role in driving innovation, supporting transformation, and strengthening organisational resilience in a rapidly changing risk landscape.

(PRESS RELEASE) LONDON, 27-Apr-2026 — /EuropaWire/ — A new global survey conducted by EY in collaboration with the Institute of International Finance highlights how insurance chief risk officers (CROs) are navigating an increasingly complex and rapidly evolving risk environment shaped by cyber threats, geopolitical tensions, and accelerating technological change.

The third annual Global Insurance Risk Management Survey, drawing insights from more than 100 organisations across EMEIA, the Americas, and Asia-Pacific, reveals that cybersecurity continues to dominate the risk agenda. It has emerged as the most significant threat for CROs, surpassing other risks in terms of frequency, regulatory scrutiny, and operational impact.

According to the findings, 80% of CROs rank cyber risk among their top five enterprise risks, while 30% identify it as their primary concern. In parallel, 79% of respondents point to cybersecurity threats and digital hostilities as the most impactful geopolitical factor affecting their organisations. The increasing complexity of cyber risk is further amplified by dependencies on third parties, evolving data privacy requirements, and increasingly sophisticated attack methods.

Jonathan Zhao noted that the role of the CRO is undergoing a significant transformation, with responsibilities expanding beyond traditional oversight to include enabling innovation while maintaining strong governance. He emphasized that effective risk leaders must balance the integration of advanced technologies such as artificial intelligence with the need for robust controls and resilience.

The survey also highlights a marked acceleration in artificial intelligence adoption within risk management functions. While many insurers were previously in the early stages of AI implementation, more than half are now deploying AI-driven tools across various use cases. These include chatbots, legal and document analysis, and cyber analytics. As adoption increases, organisations are simultaneously strengthening governance frameworks, with a growing number implementing formal AI policies and enterprise-level oversight structures.

Philippe Brahin, Director of Insurance and Non-Bank Financial Institution Regulation and Policy at the Institute of International Finance, emphasized that the interconnected nature of modern risks is reshaping how insurers approach risk management. He highlighted that cyber risk now spans multiple dimensions, affecting operations, third-party relationships, customer data, and financial resilience simultaneously.

Operational resilience has also become a central priority at board level. Key areas of focus include cyber resilience, critical business services, and third-party risk management. Organisations are increasing investment in areas such as disaster recovery, business continuity planning, and end-to-end resilience testing, reflecting a shift from compliance-driven approaches to more proactive and structured resilience capabilities.

At the same time, risk governance frameworks and operating models are evolving to address a broader range of non-financial risks and regulatory fragmentation. Insurers are adopting more integrated, enterprise-wide approaches, supported by advancements in risk technology, enhanced control frameworks, and improved coordination across business functions. These changes are enabling greater transparency, accountability, and consistency in risk management practices.

The findings also point to a turning point in the role of CROs, with risk leaders playing a more influential role in strategic decision-making and transformation initiatives. Over three-quarters of respondents reported increased involvement in enterprise-wide change programmes, reflecting the growing importance of risk functions in guiding organisations through uncertainty and supporting long-term growth.

Overall, the survey underscores a shift in the insurance sector, where risk management is no longer limited to compliance and control but is becoming a key driver of resilience, innovation, and business transformation.

Notes to editors

About EY

EY is building a better working world by creating new value for clients, people, society and the planet while building trust in capital markets.

Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow.

EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

All in to shape the future with confidence.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. Information about how EY collects and uses personal data and a description of the rights individuals have under data protection legislation are available ey.com/privacy. EY member firms do not practice law where prohibited by local laws. For more information about our organization, please visit ey.com.

This news release has been issued by EYGM Limited, a member of the global EY organization that also does not provide any services to clients.

Methodology

The global EY organization, in conjunction with the IIF, surveyed IIF member firms and other insurers in each region globally from November 2025 through January 2026.

Participating insurers’ CROs or other senior risk executives were interviewed, completed a survey, or both. In total, 106 organizations across EMEIA, the Americas, and Asia-Pacific participated.

Participating insurers were fairly diverse in terms of asset size, geographic reach, and line of business. Regionally, those firms were headquartered in Asia-Pacific (9%), EMEIA (42%), and the Americas (49%).

Media Contact:

Vicki Conybeer
Associate Director, Global Media Relations and Social Media, Industry Markets, Ernst & Young LLP

SOURCE: Ernst & Young

MORE ON ERNST & YOUNG, EY, ETC.:

EDITOR'S PICK:

Comments are closed.