Information security
How conflict sharpened Israel’s role in cyber security
Recent growth in offshoring of infosec comes despite regulatory focus on supply-chain resilience
Most banks add ERM heads – but CROs keep control
Hiring tilts towards AI, cyber and model risk as enterprise risk’s remit grows faster than its reach
Banks curb frequency of GRC vendor reviews
Data shows drop in plans to pitch or switch vendors, amid tighter third-party rules – but TPRM bucks the trend
In more than 90% of banks, second line tackles cyber risk
But some regulators would still like to see more 2 LoD risk staffing for infosec and IT disruption
Almost all banks mandate cyber security training
And unlike other risks, information security coaching moves the internal confidence dial
Regional banks favour scenario analysis over op risk modelling
Domestic and smaller regional players favour scenarios to gauge tail exposure; G-Sibs stick to modelling, for now
Regulators zero in on third-party risk, resilience
In latest survey, 35% of banks say watchdogs have “significantly increased” focus on third-party risk, with reports of arduous inspections and growing resource strain
More than one-quarter of banks overhaul third-party KRIs
Op Risk Benchmarking data shows more flux – and less confidence – in indicators tracking vendors versus other risks
Risk appetite breaches test development banks
MDBs also more likely to change services or strategy to reduce risk exposure, survey shows
Glass houses: US agencies urged to shore up cyber defences
Email hack at OCC raises concerns over more widespread frailty at regulators
Algos shrugged: AI uptake still lagging in bank op risk
Risk managers acknowledge transformative potential of artificial intelligence – most, from a safe distance
People: Rustad to head SwapClear, Kimmel exits Citadel, and more
Latest job changes across the industry
SEC faces debate over possible cull of cyber security rules
Lobby groups pushing for regulator to roll back disclosures, but investors take a different view
FMIs create culture club for op risk
Exchanges and clearing houses seek to build risk resilience among front-line business, amid concerns of overreliance on second line of defence
Technology is a double-edged sword for FMIs
Exchanges and clearing houses rely on third-party vendors for vital systems, but outsourcing can also lead to duplication and waste
Evalueserve tames GenAI to boost client’s cyber underwriting
Firm’s insurance client adopts machine learning to interrogate risk posed by hackers
Cyber insurance costs expected to rise as loss ratios worsen
Recent ransomware and tech failure events could feed through into higher premiums this year
Top 10 op risks: Why cyber risk looms larger than its losses
Fast-moving threat landscape and increased supplier concentration keep infosec top of the table
Top 10 operational risks for 2025
The biggest op risks as chosen by senior practitioners – and what they’re doing about them
Top 10 op risks: cyber still top, but change management surges
AI-enhanced threats permeate this year’s top operational risks for financial firms, from infosec to geopolitics
Op risk data: Crypto hack bites Bybit; fat-finger flurry at Citi
Also: OKX gets AML scold, UK motor finance fiasco revs up. Data by ORX News