Top Risks Facing Organizations in the United Kingdom
UK respondents to our Global Risk Management Survey (GRMS) ranked cyber attack or data breach as their number one current and future risk.
Current Risks
Compared to the 2021 survey, the risks listed in this year’s United Kingdom top 10 are largely unchanged: nine of the 10 are the same, although their positions have shifted in response to macroeconomic conditions.
Top 10 Current Risks: United Kingdom
- Cyber Attack or Data Breach
- Failure to Attract or Retain Top Talent
- Economic Slowdown or Slow Recovery
- Damage to Brand or Reputation
- Failure to Innovate or Meet Customer Needs
- Business Interruption
- Regulatory or Legislative Changes
- Cash Flow or Liquidity Risk
- Supply Chain or Distribution Failure
- Climate Change
New to the list in 2023 is cash flow or liquidity risk at number eight, an indication of the sharp rise in cost of living in the UK, along with persistently high inflation and interest rates. Failure to attract or retain top talent’s number two ranking reflects the exceptionally tight UK labor market, in which organizations face stiff competition for workers and specialized talent. Along with their employees, organizations in the UK face increased cost pressures. Combined with sluggish economic growth, these pressures make it difficult to increase pay for existing staff or offer competitive wages for recruiting new employees, particularly in specialty fields. Without adequate staffing in key roles, organizations struggle to innovate, implement necessary changes and keep up with demand, which is illustrated by failure to innovate or meet customer needs ranking at number five.
Cyber attack or data breach—another complex and continually fast-paced, evolving risk with close ties to business interruption, ranked number six, and damage to brand or reputation—retained its number one current risk ranking in 2023. Organizations in the UK continue to struggle to contend with the ever-present threat of cyber attacks amid rapid digitalization. And as geopolitical volatility persists, cyber attacks have become more frequent. Nevertheless, the number of insurance claims for cyber incidents seems to have fallen, highlighting how organizations are investing in cyber security and exercising vigilance in identifying and mitigating their cyber exposure. Also affecting cyber security is the UK’s number three–ranked risk, economic slowdown or slow recovery, because workers struggling to make ends meet are under stress, increasing the risk of errors and employee-related cyber exposures.
That damage to brand or reputation remains in the top five current risks (ranked three in 2021 and four in 2023) represents the challenge organizations are facing in quantifying such a complex and shifting exposure. It also reflects stories of several high-profile incidents in the British news with broad brand and reputational impacts. Sexual misconduct scandals at some organizations prompted widespread censure and halted longstanding partnerships, while allegations of auditing irregularities and inequitable compensation resulted in fines and multibillion-dollar damages.
That regulatory or legislative changes was ranked as UK respondents’ number seven current risk highlights organizations’ concerns regarding potential regulatory changes. With a general election expected in 2024, changes could be imminent. Regulations and legislation are key in determining organizational strategies as well as investment, so uncertainty in this realm can lower risk tolerance and dampen enthusiasm in investment.
The UK was the only region surveyed in which respondents ranked climate change among their top 10 current risks, at number 10. Climate change has been affecting the UK via rising temperatures: 2022 was the UK’s hottest year on record, with an average year-round temperature higher than 10°C. Other climate-change effects bringing this risk to the forefront of participants’ minds include flooding and an increase in wildfires. In 2019, the UK became the first major economy to pass into law a domestic requirement for net-zero greenhouse gas emissions by 2050. The UK’s Climate-Related Financial Disclosure Regulations (TCFD), introduced in 2022, require businesses to disclose their climate risks and opportunities based on TCFD recommendations. Faced with increasing regulatory requirements and more-extreme weather, climate change is clearly on the agenda for many business leaders and has established its place as a key risk for UK organizations.
Underrated Risks
Given workforce shortages, intense competition for talent and expanded regulation around environmental disclosures and impacts, environmental social governance (ESG) and corporate social responsibility (CSR) is an underrated risk, at number 13. Additionally, investors are increasingly focused on organizations’ ESG criteria. Corporate environmental considerations can include climate change, energy and natural resource conservation, waste and emissions reduction and ethical treatment of animals, while social criteria concern how companies care for their employees and the larger community. Finally, governance standards encompass a company’s leadership, integrity and accountability, including transparency in its operations and accounting and commitment to diversity, equity and inclusion.
A compelling narrative around the wellbeing of employees is critical to recruitment efforts, as are potential employers’ green credentials. Reporting around gender pay gaps and inequality in wealth and income are prevalent topics of discussion and debate in the UK, a global leader on the issue when it passed the Equality Act 2010 (Gender Pay Gap Information) Regulations for reporting in 2017. As such, it is top of mind for residents and organizations alike. When job seekers have multiple opportunities available, organizations’ positions on such issues become even more important and can influence candidates’ decisions.
Organizations seen as being forward-thinking, ready to embrace change, actively engaged in corporate social responsibility and vigilant about governance can have substantial competitive advantages over their peers, both in terms of ability to attract talent and in terms of shareholder expectations. And an openness to viewing job candidates through a different lens, perhaps by considering what skills and experience may be needed in the future versus what has been required historically, can provide new talent pools. This, too, can provide competitive advantages by potentially expanding diversity and introducing new perspectives to address existing and future challenges.
Losses and preparedness
Just over a third of respondents suffered a loss due to the risks in the top ten, while nearly three-quarters have plans in place to respond to them.
-
36%
average percentage of respondents who indicated risks in the top ten contributed to a loss for their organization in the 12 months prior to the survey.
Source: Aon's 2023 Global Risk Management Survey
-
74%
average percentage of respondents who stated their organizations have set up a plan to respond to risks in the top ten.
Source: Aon's 2023 Global Risk Management Survey
Future Risks
Respondents from the UK ranked artificial intelligence (AI) as the number three future risk, higher than any other region surveyed. Indeed, the UK has been at the forefront of regulating the use of AI within the country, beginning with a policy paper on the topic published in July 2022 and followed up with a March 2023 white paper proposing a national AI regulatory framework based on five broad principles around safety, transparency, fairness, accountability and redress. Building on these efforts, UK Prime Minister Rishi Sunak convened an international AI safety summit in November 2023, at which representatives from 28 nations, including the US and China, signed the Bletchley Declaration—a document acknowledging and warning of the potential dangers posed by “frontier” AI systems.
Top 10 Future Risks: United Kingdom
- Cyber Attack or Data Breach
- Economic Slowdown or Slow Recovery
- Artificial Intelligence (AI)
- Climate Change
- Failure to Attract or Retain Top Talent
- Failure to Innovate or Meet Customer Needs
- Geopolitical Volatility
- Regulatory or Legislative Changes
- Cash Flow or Liquidity Risk
- Environmental Social Governance (ESG) and Corporate Social Responsibility (CSR)
And, like cyber attacks or data breaches (the UK’s number one future risk) in the early days of the internet, AI risk is difficult to quantify. UK respondents are aware that AI will have major implications for business, but its practical applications and potential competitive advantages are largely ill-defined, and expert commentary on its potential dangers is both ominous and louder than any discussion about the benefits of AI. As was the case with cyber risks, effective strategies for assessing AI vulnerabilities will emerge over time. Those organizations that approach AI risk management by taking its applications and implications into account on an organization-wide basis will be best positioned to create effective mitigation and risk transfer strategies.
Again, the UK was unique among regions surveyed, placing climate change in its top 10 future risk list, at number four. Uncertainty around how potential regulatory changes may affect climate-related efforts and objectives is likely part of why respondents moved this risk up six places in their future top 10. Other reasons for respondents’ concerns could include falling behind on their climate strategies or regulatory compliance. Some respondents may anticipate that climate efforts will need to accelerate rapidly as 2050 (the targeted deadline for global net zero) grows nearer, exacerbating existing pain points stemming from talent shortages and cost and increasing risk.
Failure to innovate or meet customer needs remains in the UK’s top 10 future risk list, at number six. The persistence of this risk can in part be attributed to organizations’ need to adapt to carbon-neutral strategies. Customer and shareholder demands for green products and policies and digital convenience and capacity continue to evolve, and businesses that have not digitalized are suffering the most. Remaining ahead of the competition requires innovation and that requires investment and talent, both at a premium in the UK. And the UK’s workforce is aging: people aged 50 or older make up more than one third of the nation’s total workforce and a record-high 42 percent of the part-time workforce. The national employment rate of people aged 50 to 64 increased in 2022, while the rate for people aged 35 to 49 decreased, according to data released in September 2023. Respondents clearly expect these conditions to continue, ranking economic slowdown or slow recovery and failure to attract or retain top talent at number two and number five in the future, respectively.
How Can Organizations in the United Kingdom Mitigate These Risks Effectively?
For many risks—including failure to attract or retain top talent and failure to innovate or meet customer needs—organizations can build risk resilience and effective mitigation by identifying the skills they have and the skills they need, now and in the future, and developing a plan to the close gaps and cultivate the expertise they need to manage risk. Building resilience pays off during times of economic volatility and high operating costs. Organizations with a sustainable workforce, stronger liquidity and a better reputation are likely to be better positioned to respond to challenges compared to less-prepared companies.
Any plan to build resilience should include mitigating risks related to regulatory compliance. In the UK, organizations would be well served by auditing their pay to ensure that it is equitable and holds up to scrutiny under EU pay transparency reporting regulations, which require employers to publish pay ranges for roles in their organization. This risk can be greatly mitigated by analyzing an organization’s pay ranges against available information for equalizing them and closing any gaps.
While some organizations focus largely on insurable risks, these may not necessarily be their biggest risks. Quantifying and mitigating risks that are uninsurable or only partially insurable, like damage to brand or reputation and cashflow or liquidity risk, is key aspect of a successful risk management program and can help to increase resilience. Additionally, viewing risk as a net negative can also limit opportunities. Organizations that have a strong understanding of their exposures and the associated upside and downside of those risks will be able to make better decisions and take advantage of potential opportunities.
General Disclaimer
This document is not intended to address any specific situation or to provide legal, regulatory, financial, or other advice. While care has been taken in the production of this document, Aon does not warrant, represent, or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the document or any part of it and can accept no liability for any loss caused by reliance on it. Any recipient shall be responsible for the use to which it puts this document. This document has been compiled using information available to us up to its date of publication and is subject to any qualifications made in the document.
FP.NAT.1333.SEC
Related Products & Solutions