For decades, the financial market learned to live with concepts such as credit, liquidity and market risk. Regulators, investors and boards of directors have developed sophisticated mechanisms to measure, monitor and mitigate these risks, transforming them into a fundamental part of institutions’ management.
Now, a new category is beginning to occupy a similar space: digital risk.
The change may seem subtle, but its effects are profound. While some organizations still treat cybersecurity as a responsibility restricted to technology areas, the global financial market is beginning to see the topic from another perspective.
Continues after advertising
Digital security is now understood as an essential element for business continuity, investor confidence and corporate governance itself.
The results of the 2025 edition of International Asset Management Cybersecurity Benchmarking Survey help illustrate this transformation. The initiative, led by the Investment Company Institute (ICI), the International Investment Funds Association (IIFA) and associations linked to IOSCO, was disseminated by ANBIMA in Brazil and brought together 55 managers from 13 countries.
In total, 161 questions were assessed related to how institutions deal with digital risks, information protection, new technologies and preparation for crisis scenarios.
Continues after advertising
Brazil accounted for 30 of the 55 managers qualified for the survey, becoming the jurisdiction with the highest participation in the research. More than just statistical data, this result demonstrates the growing interest of the national industry in following the transformations that are shaping risk management on a global scale.
But perhaps the study’s main insight isn’t in the answers.
It’s in the questions.
Continues after advertising
Also read:
When analyzing the results of the survey, what draws the most attention are not necessarily the percentages presented, but the themes chosen for evaluation.
They are all part of what I usually call trust infrastructure of organizations: the set of capabilities that allow companies to operate, make decisions, protect information, respond to crises and preserve credibility in an increasingly digital environment.
Continues after advertising
In a market where technology and business have become inseparable, trust is no longer just an institutional value. It became directly dependent on the ability to govern risks.
When an international survey dedicates relevant space to topics such as Artificial Intelligence, business continuity, strategic suppliers, information protection, new technologies and incident response capabilities, it offers a very accurate portrait of the concerns that are beginning to occupy the center of strategic discussions in the financial sector.
We are not looking at a survey of tools.
We are facing a discussion about trust.
Trust goes through digital governance
One of the clearest signs of this transformation appears in the attention devoted to Artificial Intelligence.
The debate no longer revolves solely around productivity gains or process acceleration. Organizations are beginning to discuss deeper questions: how to oversee decisions supported by technology, how to ensure transparency, how to avoid inappropriate uses of information, and how to maintain control in an increasingly automated environment.
In practice, the question is no longer “how to use Artificial Intelligence?” and it became “how to use it without losing governance?”.
Another relevant point is the growing attention paid to risks that do not appear within the organization.
Digital transformation has brought significant efficiency gains, but has also increased dependence on technological partners, digital platforms and specialized suppliers. Today, a failure by a third party can generate impacts as relevant as an internal failure.
This helps explain why more mature institutions are expanding their gaze beyond their own controls. Security is no longer an isolated responsibility and begins to involve the entire ecosystem that supports the operation.
The same reasoning applies to the growing technological dependence observed in practically all segments of the economy.
A few years ago, the main discussion was whether companies should accelerate their digital transformation. Today, this stage has already been overcome. Technology has become an inseparable part of the functioning of organizations.
The question now is different: how to maintain supervision, control and responsiveness in operations increasingly dependent on complex technological structures?
Perhaps this is why research shows growing concern about the capacity of institutions to react to adverse situations.
For a long time, security maturity was associated with the ability to prevent incidents. The market is beginning to realize that there is a second, equally important capability: the ability to continue operating when events happen.
After all, no organization is immune to failures, interruptions or attacks. What differentiates more prepared institutions is the speed with which they can identify problems, respond to them and recover their operations while preserving the trust of customers, investors and partners.
Another aspect that deserves attention is the presence of themes related to future forms of information protection. Although they still seem distant for many organizations, these issues are already beginning to appear on the agendas of institutions that seek to anticipate risks instead of just reacting to them.
The history of risk management shows that resilient organizations are rarely those that can accurately predict the future. They are usually those who start preparing before challenges become urgent.
There is also an important message behind the strong Brazilian participation in the survey.
The quality of any benchmarking directly depends on industry participation. The more institutions contribute, the greater the ability to understand trends, identify common challenges and build a more accurate view of market developments.
In this sense, the mobilization promoted by ANBIMA deserves recognition. Initiatives like this go beyond producing statistics. They help transform individual experiences into collective intelligence, strengthening the sector’s ability to understand its challenges and follow the evolution of best international practices.
The participation of managers should not be seen simply as filling out a questionnaire.
This is an effective contribution to expanding understanding of the maturity stage of the Brazilian market and strengthening its presence in global discussions on digital governance and emerging risks.
There is an important difference between organizations that react to changes and organizations that prepare for them.
The research shows that the global financial market has already started to prepare.
The significant participation of Brazilian managers demonstrates that the sector is also attentive to this transformation.
The challenge now is not recognizing the importance of digital risk.
It is about transforming this recognition into governance capacity. Because digital risks will not be defined by technology. They will be defined by how organizations choose to manage them.
And, in the digital economy, trust remains the most valuable asset of all.
