Top Risks Facing Organizations in North America

Regional Results


This insight is part 02 of 06 in this Collection.

November 21, 2023 17 mins


North American respondents to our Global Risk Management Survey (GRMS) ranked cyber attack or data breach as the number one current and future risk for the region.

Current Risks

Inflation, interest rates and tightening lending conditions remain key considerations for organizations in North America. The U.S. and Canadian economies remain resilient overall, with the U.S. economy expected to exceed pre-pandemic levels in 2023. But activity is slowing, in part because of the impact of tightening monetary policy designed to bring inflation under control. Heightened geopolitical tensions also pose a threat to the global economy that could have knock-on effects on the region. Tight labor supply, the side effect of a robust jobs market, presents a challenge to firms looking to grow. Concerns of the knock-on effects of inflation and higher interest rates have driven up operating costs as well as the cost of capital, with consumer use of credit at record levels.

Top 10 Current Risks: North America
  1. Cyber Attack or Data Breach
  2. Failure to Attract or Retain Top Talent
  3. Economic Slowdown or Slow Recovery
  4. Supply Chain or Distribution Failure
  5. Business Interruption
  6. Regulatory or Legislative Changes
  7. Damage to Brand or Reputation
  8. Failure to Innovate or Meet Customer Needs
  9. Workforce Shortage
  10. Cash Flow or Liquidity Risk

North American respondents to our Global Risk Management Survey (GRMS) ranked cyber attack or data breach as the number one current and future risk for the region in both 2021 and 2023, highlighting the importance of this risk for business leaders in the region. Boards and insurers are demanding that businesses demonstrate a keen understanding of the potential impact of a cyber event. But because cyber risk is such a complex and fast-moving risk, many organizations struggle to keep up with the trends and tactics of threat actors. Technology has played a central role in enabling business development — and economic growth — in the region. However, this expanded dependency on technology has created an enlarged digital attack surface with more potential security vulnerabilities for bad actors to exploit. Cyber attacks can not only compromise a company’s data and intellectual property, but also cause business interruption (the number 5 risk in 2023) and reputational and brand damage.

And damage to brand or reputation (ranked seventh) can be devastating to an organization struggling with the two people-related risks in the region’s top 10: failure to attract or retain top talent (ranked second) and workforce shortage (ranked ninth). Persistent low unemployment has led to ongoing staffing shortages and intense competition for skilled workers. Under these conditions, an organization’s employee value proposition and overall reputation are vital to attracting and retaining employees.

Apart from the pandemic period, the U.S. workforce has the lowest participation rate[1] since 1978; experts cite various reasons for this trend, including an aging workforce, lower immigration, weak population growth, deaths from COVID-19, increased pursuit of higher education among young people and lack of access to child and elder care. Indeed, two sectors vital to supporting U.S. workers—childcare and elder care—have not rebounded to pre-pandemic staffing or, consequently, levels of service. Those services that are available are often not affordable for working adults, and a federally funded childcare stabilization grant that affected an estimated 220,000 childcare centers and 9.6 million children expired at the end of September 2023.

Staffing shortfalls pose especially significant risks to growth for industries such as healthcare that require highly skilled labor. In fact, an estimated 100,000 registered nurses left the U.S. healthcare industry during the pandemic due to stress, burnout or retirement—the same reasons more than 600,000 others recently reported they intend to leave the industry by 2027. But nurses are not the only professionals dissatisfied with their employment experience: the pandemic amplified job dissatisfaction as workers across sectors reassessed their life goals and focused more intently on work-life balance.

In fact, the broader impacts of the region’s economy are increasing pressure on employees and employers alike. Financial insecurity driven by persistent inflation, high interest rates and costs for essentials like housing, health care, and education is growing—reflected in North American respondents’ ranking of economic slowdown or slow recovery at number three in 2023, one spot higher than in our 2021 survey.

Supply chain and distribution failure also moved up in the region’s top 10 risk list: from number six to number four. Combined with business interruption (ranked fifth), this highlights how maintaining production levels is a central focus for organizations. Supply chains linked to Asia continue to be a concern for many businesses, prompting local production initiatives that have been slowed or otherwise impacted by the increased cost of capital. And yet only 40 percent of respondents report their organizations having evaluated the resiliency of key suppliers, illustrating the intractability of supply chain challenges.

While climate change does not appear in the region’s top 10 risk list, it is likely a driver of respondents’ concern over regulatory or legislative changes, the number six-ranked risk. Organizations are closely watching as climate-related legislation is implemented and developing strategies to respond to the many risks posed by the transition.

Underrated Risks

With insurers focused on catastrophe loss risk and regulatory changes that will create transition risks for many organizations, it is surprising that climate change was not ranked among North America’s top 10 risks—particularly considering the scale of natural disasters in the region. Record-breaking wildfires in Canada burned 18.4 million hectares in 2023, posing grave risks to life, causing environmental damage and health hazards, and having a considerable negative impact on the economy. The hardest-hit industries included mining and quarrying and rail transportation.

Increased volatility poses a monumental challenge as North America and the rest of the world strive to address the immediate impacts of climate change and prepare to mitigate and respond to future impacts. Organizations should employ a multi-pronged approach that aims to reduce both physical and transition risks arising from climate change while taking advantage of the opportunities that a shift to a carbon-neutral economy offers. Further, organizations are expected to move toward more environmentally friendly ways of doing business and set targets to measure their progress.

In addition to existing and proposed regulatory requirements around climate, the widespread backlash against environmental, social and governance (ESG) policies in the U.S. highlights the critical importance of properly planning and executing company policies and disclosures on ESG and corporate social responsibility (CSR), another underrated risk. Numerous news stories of companies sued or otherwise pressured to take specific steps to address climate change appear side-by-side with equally ubiquitous stories of companies facing political, investor and consumer opposition to their ESG pledges and disclosures.

Climate and social governance are not the only areas in which businesses face varied and opposing pressures. And yet, even though artificial intelligence (AI) is being leveraged at an increasingly rapid pace, as well as being covered and debated across the media, AI was only ranked as the number 42 risk in the region. That AI moves up to number 15 on the future risk list indicates that many organizations have not fully realized the potential of this disruptive technology, let alone fully understood the breadth of its risk implications.

The potential risk impacts of AI go far beyond new and sophisticated cybersecurity threats. AI could engender legal issues, brand exposures, and amplify human capital risks. The velocity and potential severity of risk from AI is growing so rapidly that it will likely have major implications in the very near future. The current lack of guardrails around AI’s use is a big topic of discussion in executive committees and boardrooms. Risk leaders should take note of the momentum and lean into these discussions to shape the direction of risk management strategies.

Losses and preparedness

Just over a third of respondents suffered a loss due to the risks in the top ten, while nearly two-thirds have plans in place to respond to them.

  • 36%: average percentage of respondents who indicated risks in the top ten contributed to a loss for their organization in the 12 months prior to the survey.
  • 64%: average percentage of respondents who stated their organizations have set up a plan to respond to risks in the top ten.

Source: Aon's 2023 Global Risk Management Survey

Future Risks

The high rankings for failure to attract and retain top talent and workforce shortage—the number two and four future risks, respectively—are likely driven by an understanding that current demographics and macroeconomic conditions will persist.

Top 10 Future Risks: North America
  1. Cyber Attack or Data Breach
  2. Failure to Attract or Retain Top Talent
  3. Economic Slowdown or Slow Recovery
  4. Workforce Shortage
  5. Regulatory or Legislative Changes
  6. Failure to Innovate or Meet Customer Needs
  7. Cash Flow or Liquidity Risk
  8. Supply Chain or Distribution Failure
  9. Business Interruption
  10. Increasing Competition

Climate change, though an underrated future risk, moved up very slightly in the rankings from number 27 to number 22. This indicates respondents appreciate the current regulatory emphasis on climate as well as the changing weather patterns affecting a growing number of stakeholders, including governments, regulatory bodies, shareholders, employees and consumers. All stakeholders are holding organizations increasingly accountable for their roles in contributing to or combating climate change. As a result, climate risk has emerged as a prominent investment issue.

One emerging AI technology, generative AI, has the potential to add the equivalent of $2.6 trillion to $4.4 trillion annually to the global economy. However, rapidly adopting any new and disruptive technology like AI means that any opportunities also transform the enterprise risk landscape. AI will introduce new risks for many companies and change the severity and velocity of many existing risks, including but not limited to cyber, errors and omissions (E&O), employer liability, intellectual property, crime, property damage and business interruption. To help add value to their organizations’ enterprise AI strategies, risk managers must understand the liabilities and insurance implications of AI use cases across their digital value chains.


Only 8.9 percent of respondents in North America indicated they had quantified their exposure to failing to attract or retain top talent.

Source: Aon's 2023 Global Risk Management Survey

How Can Organizations in North America Mitigate These Risks Effectively?

Evolutions in top risks such as cyber, supply chain disruption and business interruption are changing the way insurers leverage data, which in turn means that organizations have to be more responsive to mitigate their top risks. For example, climate modelling will likely soon be considered a must-have for any property investment. Additionally, although North American respondents ranked supply chain or distribution failure and business interruption in their top five current risks, only 40 percent reported their organizations had taken any measures to test or improve the resiliency of their key suppliers.

One strategic approach that can help organizations in the region address both economic slowdown or slow recovery and supply chain or distribution failure (their number three and four ranked risks, respectively) is diversification. Diverse investment strategies, supply chains and customer bases can help organizations withstand both macroeconomic and geopolitical volatility. Increasing cash reserves and modifying capital strategies can ensure continuity in meeting financial obligations while higher liquidity can enable greater flexibility. Both approaches can help an organization to prioritize investments to shore up supply chain resilience at the same time as developing new products and revenue streams.

Several other risks are related to North Americans’ closely linked number one, five, and seven ranked risks: cyber attack or data breach, business interruption and damage to brand or reputation, respectively. Geopolitical volatility is a major contributor to cyber threats against both public and private entities in North America. Several global, U.S. and Canadian government agencies have issued advisories about increased attacks and, illustrating cyber’s connection to the region’s number six ranked risk, regulatory or legislative changes, in July 2023 the U.S. Securities and Exchange Commission announced new disclosure requirements around cyber security risk management, strategy and governance for publicly traded companies.

Although the factors contributing to cyber risk are varied, mitigating their impact is best achieved through a holistic, proactive approach that combines risk identification and assessment, risk mitigation, response preparation and recovery and risk transfer mechanisms. Using this approach will help organizations successfully navigate compliance with regulatory and underwriting requirements and build robust cyber resilience.

Cyber risk also touches upon workforce-related issues, including workforce shortages, failure to attract and retain top talent and failure to innovate or meet customer needs, all of which feature prominently in the region’s top 10 current and future risks. Organization-wide cyber defense training and a robust cyber culture are key to combating inside threats and building cyber resilience. But organizations will need to focus on improving the overall resilience of their current workforces to combat all talent-related risks. This can be addressed in part with improved health and wellness programs, creating a more accommodating workplace and responding to injuries and illnesses more effectively, regardless of whether they are occupational or non-occupational in origin.

Organizations should use data to articulate total rewards strategies and comprehensive employee value propositions (EVPs) that attract the right types of talent and are differentiated from their competitors’. EVPs and rewards must also be flexible and customizable to meet the needs of a diverse workforce. Research to inform these strategies should include direct feedback from existing workers and, if possible, potential candidates. EVP development should focus on key areas that are important to employees: talent development, culture, compensation and benefits. In the U.S., reining in rising healthcare costs, while rated lower on the list of future risks, will be an important element of optimizing total rewards spend to deliver on the EVP.

[1] According to the U.S. Bureau of Labor Statistics, the labor force participation rate reflects the number of people aged 16 and older who are either employed or who are actively seeking employment.

General Disclaimer
This document is not intended to address any specific situation or to provide legal, regulatory, financial, or other advice. While care has been taken in the production of this document, Aon does not warrant, represent, or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the document or any part of it and can accept no liability for any loss caused by reliance on it. Any recipient shall be responsible for the use to which it puts this document. This document has been compiled using information available to us up to its date of publication and is subject to any qualifications made in the document.
