UK businesses are most concerned about economic and financial risk (43 per cent), cyber-risk (39 per cent) and people risk (38 per cent), according to a report by Marsh McLennan. But it is the inter-connected nature of such risks that has risen up the agenda. 

Analysis of each individual risk category revealed the way that those threats were deeply linked to other risks. For example, while cyber risk is generally high up the agenda in any risk survey, the actual risk to the business can change from year to year.

“A deeper dive into each risk reflects this interconnected story. Economic and financial risk, for example, reveals no single issue driving this concern,” the report said. “Similarly, people risk, which continues to be a top concern, combines various risk factors rather than a single dominant issue.”

Risk management

This finding was reflected in the actions businesses were taking to mitigate complex, fast-moving threats. While talent and retention was the main concern in the people risk category, for instance, organisations did not focused solely on pay and reward. Instead, they had also used technology to increase employee engagement.

“This holistic approach to risk management is a recurring theme throughout the report,” it said. “Through more joined-up thinking, UK business leaders are seemingly seeking to generate a snowball effect to drive efficiencies and growth.”

Response

Not all sectors had approached their top risks with the same level of focus. For example, while 86 per cent in the healthcare and pharmaceutical sectors had reviewed employee training, only 45 per cent of respondents in the food and drink sector had done so.

But the report expressed concern that businesses were not planning to build on their recent successes in managing key risks during the year ahead. For example, fewer than one third (29 per cent) of respondents planned to invest in cybersecurity controls and only 21 per cent planned to invest in mental health support.

“Allowing risk management efforts to drift is likely to make businesses less resilient to adverse events at a time when that resilience is vital to long-term success,” it said.