The survey asked senior leaders, from board directors and chief executives, GCs, as well as other senior C-Suite executives, including CFOs, CIOs, COOs and CROs, asking them to assess the greatest risks impacting their businesses in the next two to three years.

Top risks

When asked about the most concerning high-impact risks facing their businesses moving forward, people challenges – that is, recruiting and retaining staff due to record vacancies and high competition for talent, succession planning, and fears of skills shortages that will affect long-term planning – were the most cited risks.

Nearly seven in 10 (69 per cent) ranked people challenges as a high or very high impact risk, and 30 per cent of C-suite respondents suggested they were not prepared for this risk.

Clyde & Co partner Heidi Watson said: “Not only have businesses had to cope with the risks that came from the unprecedented shift to remote working, they are now adjusting to new working models while facing a skills shortage as economies bounce back but the workforce takes time to adjust.

“There will be more focus on workplace culture, training and development as employers seek to attract and retain talent. Meanwhile, the focus on wellbeing and mental health that came from the pandemic and was identified in the survey has been a positive step, and businesses will be assessing how they can implement new processes and systems to ensure they manage the impacts on individuals and their organisations.”

Almost two-thirds (64 per cent) see increased regulatory and compliance burdens as a foremost risk, with 70 per cent of general counsel believing that dealing with an increasingly regulated global business environment will have a high impact on them and their legal teams, more than any other risk in the coming two to three years.

VIEW ALL

“Not only are laws and regulations more complex, but regulators are increasingly taking enforcement action and baring their teeth with bigger fines,” said Clyde & Co partner Rachel Cropper-Mawer.

“The scale of this challenge can be clearly seen in the various data protection laws, increasing number of strict liability corporate offences, laws requiring transparency of ownership of property and control of companies, and ESG laws unique to specific jurisdictions that have emerged over the last few years and the huge business costs of compliance. Regulators are also not averse to bringing criminal charges against organisations and individuals.”

Elsewhere, technology is seen as a high-impact risk by more than half (54 per cent), including, but not limited to, as IT disruption, data loss issues, and implementation of new technologies.

Clyde & Co partner Dino Wilkinson noted: “Digital transformation hit top speed during the COVID-19 pandemic as traditional businesses were forced to urgently adapt to new ways of working. The result is that organisations have confidence in further digitalisation and the positive impact it can have on their businesses.

“However, this is tempered by concern about some of the risks involved, including cyber threats and increased regulatory compliance challenges.” 

Preparedness for high-impact risks

On the flip side, there are numerous high-risk issues that boards, GCs and C-suite professionals feel unprepared for. Thirty per cent said that they are not yet prepared for climate change-related issues (which includes climate change liabilities, natural disasters, and energy transition).

GCs are grappling, the global firm wrote, with how they should identify, assess, and manage climate-related risks; and what metrics and targets they will use.

Clyde & Co partner Nigel Brook said: “There has been intense scrutiny on governments, regulators and businesses over the past year in relation to climate change, not least as the recent COP26 summit has forced the issue up the global agenda.

“The importance of good governance cannot be overestimated. Putting climate risk awareness at the heart of decision-making and embedding it into both strategy and culture at all levels of an organisation is crucial. Since achieving net zero will require significant investment as well as regulation, this could create major opportunities for businesses, as well as risks they need to be very alive to.” 

Complexity and importance of risk management

Survey respondents all agreed that the risk landscape has become so complex and demanding that companies will need to develop new methods of risk management.

Nearly eight in 10 (79 per cent) said the risk landscape is more complex than two to three years ago. A further 69 per cent said that risks such as the pandemic and climate change would require new approaches to address and manage the risks.

Elsewhere, 67 per cent said that the pandemic means that risk management activities would play a more active role, 50 per cent said that competitive pressures are increasing the risk appetite, and 40 per cent think it is harder to identify risks than it was just a few years ago.

Winmark research director John Madden said: “The risk landscape in the last 12 months has been increasingly fast-moving and unpredictable, with the pandemic testing the agility and resilience of all organisations.

“Leaders are having to reframe and rethink their working practices and the purpose of their operations which will result in new ways of managing and adapting to known and unforeseen risks.”