Chief risk officers are playing an increasingly influential and important role, according to Ernst & Young’s (EY) annual insurance CRO survey.

“Risk functions have evolved from ‘check-the-box’ compliance to being a key enabler for business decision-making,” EY says.

“This change has provided CROs with a seat at the table in the highest levels of the organisation.

“The CRO role will always have a strong regulatory driven rationale.

“But as the role evolves, we see an opportunity in [enterprise risk management] to take stock of teams, tool kits and processes and utilise them to achieve greater effectiveness.”

The global survey, now in its sixth year, shows CROs are working to strengthen risk accountability and understanding across the workforce.

“In general, even where there is no regulatory mandate, CROs and their risk teams are increasingly involved with stress-testing and more advanced financial models to quantify risk,” EY says.

The study reveals cyber risk has emerged as a leading concern for most CROs, who consider it a key area of focus.

Most CROs in North America believe their organisations face “a real risk” of a serious cyber attack or data breach.

“The quantity and personalised nature of the data that insurers hold makes them highly attractive targets for hackers and cyber thieves,” the survey report says. “In regard to cyber threats, some CROs currently serve as liaisons to IT divisions, which typically own these risks.

“However, several respondents believe more must be done.”