BRUSSELS — Political risks have become the top concern of European risk managers, but cyber risks remain outside of their 10 greatest worries despite the growing threat from hackers.

In addition, many risk managers are unsatisfied with mitigation efforts already in place to address risks that “keep the CEO awake at night,” according to the Federation of European Risk Management Associations' seventh biennial Risk Management Benchmarking Survey.

Many of the biggest risks companies face are “intangible,” said Cristina Martinez, a FERMA board member and director of corporate risk management at Madrid-based Campofrio Food Group S.A.

The top 10 risks among the 850 risk managers in 21 countries participating in the survey were:

• political, such as government intervention and legal and regulatory changes;

• reputation and brand;

• regulatory and legislative compliance;

• competition;

• economic conditions;

• market strategy and client relationships;

• planning and execution of strategy;

• human resources, such as key people and labor

• quality, such as safety and liability of products and services;

• debt and cash flow.

The majority said their satisfaction was low with mitigation efforts at their companies for political, compliance, competition, economic conditions, market strategy and human resources risks.

Political risk has risen to the top of risk managers' agenda, Francis Miard, a Paris-based partner at EY Advisory, a unit of Ernst & Young Global Ltd. that had a role in the study, said during FERMA's two-day seminar held last week in Brussels.

Two years ago, it was the No. 4 risk most likely to keep CEOs awake at night in FERMA's study, and likely has become a greater concern due to heightened political tensions in areas close to Europe, he said.

There is “probably some work here for risk managers” to achieve greater satisfaction with the mitigation measures in place for these strategic and external risks, he said.

FERMA President Julia Graham said insurers, brokers and risk managers must find innovative ways to tackle such risks.

“Risk managers need to ask the right questions” of their brokers and insurers and “look for more knowledge” to satisfactorily mitigate such risks, she said.

Additionally, risk managers need to become more strategic partners within their organizations to manage the risks they see as the greatest threats, Ms. Martinez said.

European risk managers also face evolving and emerging risks, most notably cyber and environmental liability exposures, said John Scott, Guildford, England-based chief risk officer at Zurich Global Corporate, an arm of Zurich Insurance Group Ltd.

While 72% of survey participants do not buy cyber insurance, 19% that do buy it have limits of less than e50 million ($63.8 million), 5% have limits of less than e100 million ($127.6 million), 2% have limits up to e300 million ($382.8 million) and just 1% have limits in excess of e300 million.

One reason cyber insurance is purchased less often in Europe than the United States may be that a planned European directive on data protection is not yet in effect, Mr. Scott said. The directive, slated to go into effect next year, is likely to impose mandatory reporting of breaches, large fines and the hiring of data protection officers by companies.

Brokers and insurers must do a better job of educating buyers about cyber risks, the coverage they have and additional insurance that might be needed, said Jochen Koerner, Marsh L.L.P.'s Frankfurt, Germany-based managing director and sales leader for Continental Europe, the Commonwealth of Independent States and Turkey.

Mr. Scott said liability risks will change dramatically as new technology such as drones and driverless vehicles are used.

“The whole liability framework is changing, and it affects all of you personally and all of your companies,” Mr. Scott said.

While such technology may have benefits such as reducing auto accidents by using driverless cars, it also will change the way risk managers purchase certain kinds of insurance, such as commercial auto fleet programs, he said.