Risk management
Charts
Cyber still in focus
Cyber security remains the number one concern for risk managers in 2024, unchanged from the 2023 and 2022 benchmarks. Market risk comes a distant second, followed by operational risk.
Environmental risk brings up the rear. Some central banks have established climate risk units, and many have staff working on the issue. But it still clearly remains a secondary concern.
For the full breakdown, use the benchmarking service’s interactive charts to explore the data.
Privacy and security seen as greatest AI risks
Larger risk teams more likely to provide training to staff on risk types
Most central banks reviewed risk management in past year
Other aspects evaluated varied by risk team structure and departmental staff strength
Cyber and geopolitical risks are managers’ top risks
Geopolitical risks seen rising fastest, but cyber is the biggest concern currently
Risk Management Benchmarks 2025 Charts
Take a deep dive into the Risk Management Benchmarks charts, which have just been released for 2025.
Central banks keep ISO 31000 and COSO-ERM as main approaches
Principles tend to vary slightly by central banks’ risk management philosophies
Central banks typically employ detailed business continuity plans
But institutional risk appetite is less commonly included, especially in Europe
A third of central banks lack key risk indicators
Most of those with KRIs conduct monitoring and employ feedback loops
Direct system breaches are top cyber risk
Main threats vary by cyber security staffing and economic groupings
Over 60% of risk departments face staff and resource shortages
Teams that face hiring challenges generally have to make do with smaller risk departments
One-fifth of central banks lack defined risk tolerance and strategy
But majority of respondents apply risk management principles to policies and processes
Adoption of governance, risk and compliance systems still partial
Respondents mention main service providers and plans to upgrade
Decentralised risk teams less likely to have chief risk officers
CROs are also less common at Asia-Pacific and European central banks