Board members and C-suite executives around the globe are most concerned in 2021 with risks associated with COVID-19-related government policies and regulations, economic conditions that may restrict growth and market conditions that may continue to impact customer demand, according to a new survey from Protiviti and North Carolina State University. Amid these near-term headwinds, when asked about top concerns through 2030, business leaders cite challenges that ultimately ladder up to talent. High ranking risks – including the adoption of technology that requires new or upgraded skills, rapid innovation that threatens business models and the reimagining of creative strategies – point to a need to attract and retain top talent and invest in reskilling and upskilling workforces to ensure agility and resilience in the future. 

The annual survey, this year titled "Executive Perspectives on Top Risks for 2021 and 2030," was conducted by global consulting firm Protiviti and North Carolina State University Poole College of Management's Enterprise Risk Management (ERM) Initiative. In its ninth year, the survey was conducted following the November 3 U.S. elections to reduce the influence that an uncertain outcome could potentially have on survey results. The study surveyed over 1,000 (1,081) board members and C-suite executives from organizations in a variety of industries and in all regions around the globe.

The Top 10 Risks for 2021 
Survey respondents were asked to rate 36 macroeconomic, strategic and operational risks, including new risks that emerged this year related to the COVID-19 pandemic and social justice. The top 10 risks identified for 2021 are as follows:

  1. Pandemic-related policies and regulation impact business performance 
  2. Economic conditions constrain growth opportunities 
  3.  Pandemic-related market conditions reduce customer demand 
  4. Adoption of digital technologies require new skills or significant efforts to upskill/reskill existing employees 
  5. Privacy/identity management and information security 
  6. Cyber threats 
  7. Impact of regulatory change and scrutiny on operational resilience, products and services 
  8. Succession challenges, ability to attract and retain top talent 
  9. Resistance to change operations and business model 
  10. Ability to compete with "born digital" and other competitors

"More than ever, 2020 demonstrated that organizations can no longer afford a reactive approach to risk management. Pandemic risk loomed on the horizon for a long time – it was a matter of 'when,' not 'if,'" said Jim DeLoach, a Protiviti managing director and co-author of the report. "Business leaders must be vigilant in scanning for emerging issues and make actionable plans to adjust their strategies and business models while being authentic in fostering a trust-based, innovative culture and the organizational resilience necessary to successfully navigate disruptive change. Digitally mature companies with an agile workforce were ready when COVID-19 hit and are the ones best positioned to continue to ride the wave of rapid acceleration of digitally driven change through the pandemic and beyond."

Consistent with the survey's findings in previous years, data security and cyber threats again rank in the top 10 risks for both 2021 and 2030. The continuously evolving nature of cyber and privacy risks underscores the need for a secure operating environment in which nimble workforces can regularly refresh the technology and skills in their arsenal to remain competitive.

"If there's any risk that all organizations across industries and geographies must maintain focus on, it's cybersecurity and privacy," said Patrick Scott, executive vice president, Industry Programs, Protiviti. "While the areas that businesses will need to address may change as they transform their business models and increase their resiliency to face the future confidently, cybersecurity and privacy threats will remain a constant and should be at or near the top of the list. These threats have been top risks for quite some time, and they aren't going away."

The Top Risks for 2030
New for this year's survey, respondents also rated the expected impact of the same 36 risks on their organizations in 2030. The risk landscape of 2030 presents a markedly different picture, according to survey respondents who identified the following as the top 10 risks for 2030:

  1. Adoption of digital technologies may require new skills or significant efforts to upskill/reskill existing employees 
  2. Impact of regulatory change and scrutiny on operational resilience, products and services 
  3. Rapid speed of disruptive innovation outpace our ability to compete 
  4. Succession challenges, ability to attract and retain top talent 
  5. Privacy/identity management and information security 
  6. Substitute products or services arise that affect our business model 
  7. Sustaining customer loyalty and retention become more difficult as customer preferences and demographic shifts evolve 
  8. Ability to compete with "born digital" and other competitors 
  9. Inability to utilize data analytics and "big data" to achieve market intelligence and increase productivity and efficiency 
  10. Cyber threats 

Taking a decade-long view of the risk horizon, executives are concerned about the future of work, particularly when it comes to their organization's ability to adapt to emerging digital technologies and keep pace with the rapid speed of disruptive innovation. According to the survey results, an organization's ability to upskill and reskill employees as well as attract and retain top talent will be paramount to its risk management strategy in the decade ahead.

Dr. Mark Beasley, professor of Enterprise Risk Management and director of NC State's ERM Initiative and co-author of the report said, "Following a year of unprecedented adoption of digital tools across industries globally, businesses are facing heightened pressure to pivot to new skills, processes, products and services to meet evolving customer preferences, protect their brand value and remain competitive in an increasingly complex and automated world. One of the most important lessons that business leaders need to take away from 2020 is that they must prepare for a disruptive future by positioning their organizations to adapt and evolve with the speed of change."

The study's report also includes a call to action, offering executives and directors diagnostic questions to consider when evaluating risk assessment and risk management processes.