Cyber, human capital and macroeconomics top risk list for European auditors

Cyber, human capital and macroeconomic uncertainty are the three biggest risks contributing to a polycrisis for businesses in Europe, according to as survey by the Chartered Institute of Internal Auditors (CIIA), which has urged boards to refocus on strategic risks.

Publishing the results of its survey of 800 European chief internal auditors, the CIIA found that cybersecurity (84%) remains the top risk for the next 12 months. It is the sixth consecutive year that cyber has come out on top.

The CIIA says multiple catastrophic events occurring at the same time will exacerbate interconnected risks, from economic uncertainty and the cost of living crisis to the war in Ukraine and geopolitical instability.

Its Risk in Focus 2024 report, which accompanies the survey’s results, calls on boards to work with internal auditors to strengthen organisational resilience against the threat of polycrisis and strategic risks. It recommends testing risk strategies against scenarios to expose hidden interrelated risks. Boards should question whether assumptions on financial stress testing align with reality and whether economic scenario planning is “awake to emerging risks”, says the CIIA.

“Organisations squeezed by tight economic conditions need an unwavering focus on resilience and a growth mindset to navigate the polycrisis and spring back when conditions are right,” it adds.

Given the prominence of the cyber threat, the CIIA urges boards to ensure internal auditors evaluate cybersecurity awareness and training programmes within their organisation.

The CIIA says businesses are continuing to face labour shortages in key sectors of the economy, with 58% of respondents naming human capital, diversity and talent management as a top risk, placing it in second place. Ranked in joint third place with changing laws and regulations, 43% of respondents cite macroeconomic and geopolitical uncertainty as a top risk.

The CIIA warns that the polycrisis will test business continuity plans, with 35% of the survey naming business continuity, operational resilience, crisis management and disaster response as a top risk, in fifth place.

Digital disruption, from developments such as AI, is a top risk for 33% of respondents. But the survey identifies this as a growing threat, with half of respondents expecting it to rise in three years.

Climate change is also a seen as a growing risk, the CIIA says, with 31% citing it as a top risk today. However, 53% expect the impact of climate change will increase over the next three years to become the third-biggest risk behind cybersecurity and human capital.

Anne Kiem, chief executive of the CIIA, said: “With the economy still in a fragile state, boards will be focused on the increased climate-related pressures, geopolitical uncertainties, a dangerous cyber-risk landscape, inflationary pressures, and attracting and retaining the skills and talent needed to navigate more risky and volatile times ahead. In these unique and challenging times, boards and their internal auditors will need to respond rapidly to immediate, fast-moving threats and have an unwavering focus on resilience.”

Risk in Focus 2024: Top 10 risks

1. Cybersecurity and data security (84%)
2. Human capital, diversity, talent management and retention (57%)
3. Macroeconomic and geopolitical uncertainty (43%)
4. Change in laws and regulations (43%)
5. Business continuity, operational resilience, crisis management and disasters response (35%)
6. Digital disruption, new technology and AI (33%)
7. Climate change, biodiversity and environmental sustainability (32%)
8. Supply chain, outsourcing and ‘nth’ party risk (30%)
9. Market changes, competition and changing consumer behaviour (30%)
10. Financial, liquidity and insolvency risks (26%)