Skip to main content
Opens in a new tab External site
Hero banner Banner
NINTH EDITION

Global Risk Management Survey

Download Australian Results View Global Report Contact Us

Australian Results

Aon’s Global Risk Management Survey assesses business leaders’ attitudes towards risk and risk management. In 2023 – Aon’s ninth survey – results from Australian respondents show the increasingly interconnected nature of risk, with traditional business risks and people risks converging to create significant challenges.

Top 10 risks facing Australian organisations

When we conducted the Global Risk Management Survey in 2021, the world was still reeling from the pandemic. The 2023 survey results show us that while organisations have rebounded, the impacts of the pandemic are still being felt with challenges such as supply chain risk and workforce shortages featuring in the top ten. Major project failure is also a risk with many organisations undertaking significant transformation projects to meet the new demands of its workforce and to remain competitive in a changed environment.

  1. Cyber Attacks/Data Breach
  2. Regulatory/Legislative Changes
  3. Failure to Attract or Retain Top Talent
  4. Economic Slowdown/Slow Recovery
  5. Damage to Reputation/Brand
  6. Business Interruption
  7. Supply Chain or Distribution Failure
  8. Workforce Shortage
  9. Major Project Failure
  10. Cash Flow/Liquidity Risk

Adapting to new realities

Beyond the residual impacts of the pandemic, there's a clear indication of a more profound change in both work practices and the nature of risks that need attention. For instance, cyber risk, consistently in the top ten since 2015 has now been ranked the number one risk facing Australian organisations for two consecutive surveys.

Cyber risk brings to the forefront the rapidly evolving and changing nature of the operating environment. It’s not just the types of attacks – the increased sophistication and expansion beyond data breaches to operational disruptions – but the potential for widespread commercial impacts at significantly increased velocity. Even organisations that do not hold large amounts of personally identifiable information are still vulnerable to cyber attacks on their operational infrastructure, with the recent disruption to DP World a recent example of this.

Many organisations are still on the journey to understanding the full scope of cyber risk for their organisation. Potentially compounding the issue, are legacy infrastructure and systems, which make it harder to gather the data and insights so essential for an adequate assessment of the risk. In addition, the siloed nature of many organisations can create blind spots between Chief Information Officer, Chief Risk Officer, and Chief Executive Officer.

There are often varying levels of cyber expertise across different business units within an organisation, which adds complexity for risk and people managers. We anticipate more organisations will need to seek assistance to quantify, understand and protect against the associated business interruption and reputational risks of a cyber attack.

Aligning human capital and risk

As organisations navigate today’s new reality, the role of human capital becomes increasingly critical, both in contributing to, and mitigating top-tier risks. Failure to attract and retain top talent has reappeared in third spot after a six-year absence from the top 10. The current environment of low unemployment is a key driver, however, there are additional structural issues at play that require consideration.

A multi-generational, more diverse workforce is testing organisations to move away from traditional solutions and rethink what the workplace means to today’s employees. From 1 April 2024, the Workplace Gender Equality Amendment (WGEA) legislative reforms introduces new reporting requirements for private and public sector organisations in Australia with 100+ employees. There is likely to be significant impacts particularly in terms of attracting and retaining talent and a clear link to reputation risk.

The rise of talent into the top three is indicative not only of the need to attract and retain talent for existing roles, but also to fill the emerging skills gap critical to managing evolving risks, for example in areas such as cyber, AI and climate change. Without connected thinking from people both internally and externally organisations will fail to keep pace with a rapidly evolving environment.

Explore the Global Results

Companies are grappling with traditional risks in new guises across both risk and human capital. How can business leaders best prioritise and respond to them?

View Global Report

Effective crisis management critical to commercial outcomes

Damage to brand and reputation ranked at number five in the 2023 survey and has been nominated as a top 10 major concern in all previous surveys dating back to 2007. Aon research1 shows that there can be significant risk of destroying shareholder value if a crisis is managed poorly. While a crisis can present an opportunity to increase value if handled well, out of 340 major global crises over the last 40 years, those public organisations whose shareholder value increases 12 months after the initial event are outnumbered two to one when compared to those whose shareholder value decreases over the same time period. This research highlights an unwillingness, and perhaps an inability, to effectively prepare for a crisis. The handling of notable cyber attacks over recent years provides a vivid example of why organisations need to understand the drivers and have mitigation strategies in place to manage reputational risk.

Uncertainty is an ongoing feature for Australian organisations

Finally, we see the impact of ‘evergreen uncertainty’. The risk of an economic slowdown has always ranked highly, but this year organisations are facing increasing uncertainty driven by interest rates, market volatility and geopolitical risk. Closely linked to this is cashflow/liquidity risk; with this year’s interest rate increases it is not surprising to see this risk hovering in the top ten.

Top five risks facing Australian organisations in the future

It is clear that many of today’s top 10 risks are mirrored in what organisations are concerned about for the future.

  1. Cyber Attacks/Data Breach
  2. Regulatory/Legislative Changes
  3. Economic Slowdown/Slow Recovery
  4. Workforce Shortage
  5. Failure to Attract or Retain Top Talent

Unsurprisingly, cyber remained as the number one risk going forward based on respondents forward looking views to 2025. In two years’ time we expect to see organisations becoming more active in the management and justification for the data they hold, in part driven by changing regulatory requirements, but also being more proactive with self-insurance strategies.

Survey respondents expect regulatory risk to remain a priority. This risk has featured in the top 10 for more than 15 years. The increasing complexity of managing regulatory risk across multiple jurisdictions is a key driver. We also believe that an organisation’s social licence to operate – particularly important to sectors’ such as resources and financial institutions – will come under increased scrutiny and thus elevate a range of new, related, risks facing leaders in the years to come.

In addition, respondents don’t see a quick end to workforce shortage risk. It may be that organisations are still dealing with the pandemic upheaval in this area. The attraction and retention of top talent is also forecast to remain in the top five. We consider the ongoing priority of DEI including regulatory demands in areas such as gender pay equity as contributing to this ranking in the future. The increased scrutiny by potential talent of an organisations’ ESG performance and overall EVP will see talent remain as a key challenge.

While risks such as climate change, natural disasters and ESG corporate responsibility didn’t make the top ten in 2023, their influence is undeniable in higher ranked risks such as regulations/legislation, business interruption, supply chain and major project failure, further highlighting the growing interconnectivity of the risk landscape.

In our view current outliers to keep an eye on include artificial intelligence (currently ranked 55) where we see significant risks for organisations who don’t embrace it quickly and correctly. Intellectual property is another area we see as growing in importance, with intangible assets now being valued more highly than tangible assets on balance sheets. The potential theft or erosion of ideas, trade secrets, trademarks and brand are growing threats.

What do the results mean for organisations in Australia?

It’s challenging to be a successful business leader in today’s world. The way we make decisions is changing, against a backdrop of an increasingly volatile global economy and ever-shifting corporate priorities. The responsibilities are growing but come down to two fundamental questions: How do I protect my organisation from risk and volatility and how can I continue to grow the business? Now more than ever, clarity and confidence are required to make better decisions.

A new operating environment means adapting new risk mitigation strategies. Organisations will need to have risk mitigation or risk transfer solutions available for risks they can't retain themselves, such those related to IP or natural disasters. Aon has worked with many organisations to help define risk strategies and find partners who can help to underwrite these exposures through both alternative and traditional methods.

1 Aon, 2023, Respecting the Grey Swan

Better Decisions Start Here

Have a question? Please complete the form below and a member of our team will be in touch.
Fields marked with an asterisk (*) are required.

Aon and other Aon group companies will use your personal information to contact you from time to time about other products, services and events that we feel may be of interest to you. All personal information is collected and used in accordance with our privacy statement.

Please click here to manage your communication preferences.