Rising boardroom concern over cyber and regulatory risk but supply chain overlooked

Cyber and regulatory risks have climbed the boardroom agenda at UK multinationals, but corporate and supply chain risks are still failing to register at firms across Europe, according to a new survey by CNA Hardy. The poll also reveals that although there is growing confidence among UK firms about their prospects, those in continental Europe are far more upbeat. CNA Hardy’s Risk and Confidence Survey examines business confidence and risk perceptions of 450 business leaders at UK multinational firms with operations in Europe. The poll has been carried out every six months since this time last year. For the first time, it has also sought the opinion of 50 business leaders at continental European firms. Those surveyed work for companies with turnover ranging between £5m and £1bn from nine different industries. The latest survey finds that cyber has become the leading c-suite risk concern at UK companies for the first time. One quarter of executives now rate cyber as their biggest risk concern, up from 14% when the poll was last taken six months ago. The figure rises yet again to 49% when leaders were asked how they might view the risk in the autumn. The results show a similar story at continental European firms, where cyber is rated as the biggest risk by 35% of leaders, rising to 46% in six months’ time. Interviewees said that last year’s high-profile cyberattacks raised awareness of huge cyber threats. In addition, regulatory risk, which has barely registered as a concern in previous surveys, now ranks as the second-most worrying risk for UK business leaders. CNA Hardy described this as the most “significant and unexpected” survey finding. Regulatory risk is viewed as the leading risk by 23% of UK survey respondents, up from 8% six months ago and rising to 32% this autumn. Regulatory risk is also the second ranked risk by respondents from continental European firms on 22%, rising to 41% in six months’ time. A worrying 60% of executives at European and UK firms said their organisation is not ready for the General Data Protection Regulation (GPDR) that comes into force next month, backing up figures from several other recent polls. The introduction of the GDPR this May, new gender pay gap regulations, changes to trade regulations after Brexit and the continued impact of the 2015 modern slavery rules were cited as key concerns for UK respondents. CNA Hardy said that while Brexit continues to polarise opinion among survey respondents in terms of its likely impact, in the short term it is a regulatory double whammy for UK companies. “British businesses must comply with current and pending regulation while also preparing for the upheaval that exit will necessarily entail,” it said. But while cyber and regulatory risks have risen to the top, corporate and supply chain risks are not gaining traction, the survey found. Only 10% of UK and 13% of European executives are prioritising corporate risk – defined as the risk of fraud, corruption, poor governance or pensions exposure. Even fewer, just 8% of UK and 7% of European executives, rank supply chain as their top concern. Patrick Gage, chief underwriting officer at CNA Hardy, told CRE that this lack of focus is a “bit of a surprise” but might be explained by the fact that there is only so much that top management can focus upon at once. “They have a lot on their plate with regulatory issues and cyber is in the news, so front and centre and registering in boardroom. We might therefore find more focus on these other two risks in six months’ time,” he added. Mr Gage said risk management has now become complex and fast moving for many businesses. Firms are devoting much resource to the twin dangers of cyberattack and data loss, while there is evidence they are turning operational and management resource towards the rising tide of regulatory risk, he explained. But he suggested that this lens is “perhaps too tightly focused”. “While firms may be working on the specific operational patches to manage these challenges, they are not yet following through to see how it can affect and increase supply chain risk or their overall corporate risk. We believe the risk environment is moving too fast for many businesses to keep up,” he said. Dave Brosnan, CEO of CNA Hardy, welcomed the new focus on regulatory risk but remains concerned that supply chain and corporate risks are failing to register among the c-suite. “In our last Risk and Confidence Survey, we highlighted how companies’ failure to recognise a trio of boardroom risks – corporate, regulatory and supply chain – was threatening growth plans. In this report, we are pleased to note that companies have recognised regulatory risk. However, they are still not giving corporate and supply chain risk the attention they deserve. Only 8% of business leaders rate supply chain as their top risk today and businesses consistently fail to rate supply chain as a top concern. This is in spite of the fact that the triggers for supply chain disruption are growing ever more numerous and severe, and causes of supply chain failure can range from local weather to global politics,” he said. They survey also shows that UK business confidence remains muted despite improving during the past six months. Confidence at continental European firms is far higher, while large firms are more upbeat. All firms are prioritising growth in their own domestic or regional markets. Just under half – 42% – of UK executives are confident in their firms’ ability to grow and prosper, a rise from 28% six months ago but still well below the 70% level seen this time last year. CNA Hardy said that ongoing economic and political stability are supporting this uplift. However, underneath the confidence, caution prevails. Almost one third of UK business leaders – 30% – are cautious about the operating environment. This is three times more than at any point in the past year, with 80% characterising it as moderate to high risk. “UK business leaders’ sentiment is clear. While stability has brought something of a recovery of confidence, companies remain cautious, because they see serious issues on the horizon, including Brexit, the UK’s current slow economic growth, and the possibility of a global trade war. In this environment, companies are worried about a wide range of risks, and will need, more than ever, to manage their own risk profile with care and caution,” said Mr Brosnan. The survey also shows that European business leaders are clearly more positive about their prospects than their UK counterparts. More than three quarters of those in Europe (76%) are currently confident. “It is loud and clear that European companies are much more confident now as well as in six months’ time. One can’t help but think this is very much driven by Brexit,” said Mr Brosnan. Mr Gage added: “There is no doubt in my view that Brexit is dominating this. We had the snap UK election last summer that created more uncertainty, rather than less. So, I think that is why UK confidence took a dive. It has ticked up again. “I think UK companies are beginning to feel there is a bit more certainty and maybe even more so since we took the poll in January and February. I think European firms have more confidence because they have a stable trading environment within the EU, while the UK does not at the moment,” he continued. The research also shows that large companies are markedly more confident about their prospects in six months’ time than smaller firms, with the healthcare, technology and life science sectors most upbeat. “Large companies with revenue greater than £1bn are more confident than [mid-sized] and small companies. We think that is driven by resourcing. Large companies have the resources to navigate through the growing and increasingly complex risk environment. In addition, healthcare, tech and the life science sectors are most confident. A lot of that has to do with the nature of those businesses. They are used to navigating through a changing environment, particularly from a regulatory [standpoint],” said Mr Brosnan.

Rising boardroom concern over cyber and regulatory risk but supply chain overlooked

Want to read this article?

Read Next

Insurtech partners with USAID on climate adaptation programme

ICEYE in data collaboration with Juniper Re on flood and wildfire

Senior appointments in Lockton’s crisis management team

European rates up overall but financial and cyber lines falling: Marsh

European Parliament approves regulation to tackle forced labour

Insurtech partners with USAID on climate adaptation programme

ICEYE in data collaboration with Juniper Re on flood and wildfire

Senior appointments in Lockton’s crisis management team

European rates up overall but financial and cyber lines falling: Marsh

European Parliament approves regulation to tackle forced labour

Want to read this article?

Read Next

Insurtech partners with USAID on climate adaptation programme

ICEYE in data collaboration with Juniper Re on flood and wildfire

Senior appointments in Lockton’s crisis management team

European rates up overall but financial and cyber lines falling: Marsh

European Parliament approves regulation to tackle forced labour

Related Articles