Once again, following up on yesterday’s news item – “Health, Safety Risks Are Top of Mind for Boards, Global Survey Show” – this D&O Survey, which elicited more than 900 responses from 52 countries around the world, provides valuable insights into the risks that are of concern to corporate directors and officers.

Notably, says the report, “social risks have climbed the ladder, with health and safety risks being considered a very or extremely important concern for 84% of respondents, up from an average of 45% over the previous three years. It now represents the number one overall concern, up from number five last year, knocking cyber-attacks off the top spot, where it has been for the last three years.”

The report notes that concern about cyber risks does, however, come in at a close second. “Cyber risks are ever-evolving and with the availability of artificial intelligence (AI) tools, cyber threat actors are beginning to integrate AI into their operations, particularly in reconnaissance and social engineering, according to the latest report by the National Cyber Security Centre. This, they say, will make such attacks more potent and challenging to detect and, potentially, lowers entry barriers for novice criminals, contributing to the global ransomware threat.”

Cyber risk goes hand in hand with the number four concern – data loss. “With the GDPR having been in force for a few years now, plus reformed regimes in many other jurisdictions, companies and D&Os have witnessed the significant fines that can be issued by data protection authorities following a breach and the law is still developing on claims from data subjects. In addition, the first party costs following a breach can be considerable and reputational risk is high.”

Regulatory actions from financial regulators for cyber systems and controls failures can also be added to the risk landscape. A recent example in the UK is the £11.2m fine imposed on a company for cyber security breaches in 2017, which resulted in unauthorized access to millions of US, UK and Canadian citizens’ personal data. “In fact, this is in line with a trend we have witnessed in recent years for financial regulators to impose significant fines for a range of systems and controls failings,” the report says.

It is no surprise, therefore, “that concerns about systems and controls are a new entry in the top seven risks list. Boards are expected to be on top of this issue and the Financial Reporting Council’s (FRC) recently revised UK Corporate Governance Code, which will apply to financial years beginning on or after 1 January 2025, focuses significantly on internal controls. The main substantive change is that boards now must explain through a declaration in their annual reports how they have covered all material controls – including financial, operational, reporting and compliance controls – and their conclusions.”

Regulatory risk, more generally, continues to be of concern and with good reason. “Whilst there are a host of regulators who are increasingly exercising their supervision and enforcement powers, all contributing to the regulatory space being a difficult one to navigate for D&Os, the largest activity emanates from financial regulators. D&Os are expected to lead a healthy culture from the top-down or face the consequences.”

Of interest is that, despite the global and increasing regulatory focus on Corporate Social Responsibility and ESG being a hot topic in the boardroom, once again climate change does not feature in the overall top seven risks. This, says the report, “continues to be a surprise as it is clear any disclosure requirements create liability for companies and their boards and how they tackle the issue of complying with their ESG requirements will be as big a liability as not complying or reaching targets.”

The list of the top seven risks reveals the various difficulties and challenges that D&Os encounter, which the report suggests could have serious implications for them. “To avoid and reduce these risks, it is essential to have effective risk management and appropriate systems and controls in place.”

Read all about it at The top seven risks – Global Directors’ and Officers’ Survey Report 2024 - WTW (wtwco.com).