Top 10 principal/material risks of 2023

4 min read
Feb 16, 2024

Compiling data to establish trends on the principal/material risks that other, relevant organisations are reporting on is time-consuming. We've collated data from over 2000 principal/material risks reported in 2023 and compared those to 2022 to establish —what were the top 10 principal/material risks of 2023?

With the support of our Risk Reporting Comparison Tool, an AI-powered, interactive database of trends from company annual reports, we have assembled the top principal/material risk trends in 2023, based on annual reports published by FTSE, ASX and other listed companies*. 
material risks 2023
Download the full Top Principal/Material Risks report
See the data behind the ranking below, with analysis of macro and granular trends

Most reported principal risks of 2023 vs 2022

material risks 2023

Download extra data and analysis, with examples of our taxonomy and specific risks mentioned under each category.

* This data includes FTSE, ASX and other listed companies. Although S&P 500 data has recently been added to the Risk Reporting Comparison Tool in response to a member priority, we've filtered it out for this ranking.

1. Talent 

As in 2021 and 2022, Talent remains the most reported principal risk by companies, accounting for more than 6% of all risks reported. For several reasons, many of which are outside organisations' control (e.g. the pandemic, a new generation of workers entering jobs), the workforce is changing. 

This creates a number of talent-related threats, for example:

  • A failure to retain, train and motivate skilled employees can result in them leaving the organisation, especially when there is so much competition from other companies;
  • Labour costs;
  • Strikes and worker shortages due to disputes with unions.
RRCT gif v2
Download more data
Top principal/material risks 2023 vs 2022


2. Cyber Security

With cyber threats constantly morphing and presenting new challenges for businesses, it is not surprising to see Cyber Security remain one of the top three principal risks for organisations.

Almost entirely a downside risk, the threats related to cyber security are multifarious:

  • A breach of private customer data, for instance, not only presents a risk in terms of regulatory pressure and demands for compensation but also significant reputational damage;
  • Cyber attacks that compromise and in some cases shut down information technology can also be catastrophic, especially where businesses rely on them to operate;
  • There are also third parties to consider. While an organisation can have the most secure systems and processes in place to deal with cyber attacks, crucial suppliers may not adequately protect data and strengthen their systems, causing a ripple effect if they can no longer be used by the organisation.

Risk Reporting Comparison Tool

RRCT gif v4

Created for: A number of Risk Leadership Network members who wanted to save time on their external validation in risk reporting.

Data included: Data and trends in the principal/material risks included in company annual reports from FTSE, ASX, Tadawul and S&P listed organisations.

Accessible by: An interactive database, available as one of the many bespoke resources created for Risk Leadership Network members.

Use to: Save time collating external data on principal/material risks, validate your approach, and sense-check your draft report.

Identify trends: Filter by sector, year or company. See which companies have changed their principal risks at the click of a button.

Find out more and request a demo on our website.

3. Business Strategy
Business Strategy saw a significant increase in 2023, as companies focus more on their long-term objectives amid a rapidly changing business landscape.

Here are some risk factors, related to Business Strategy, that companies have been focusing on in 2023:

  • A number of companies have highlighted that investments in low-carbon products and services, to meet climate action targets enshrined in their strategic plan, may not yield the expected returns for the organisation;
  • The accelerating pace of digitalisation and technological advance, including the development of tools like AI, may outrun the strategic plan and require significant adaption of the strategy;
  • The changing levels of demand from consumers across several industries are difficult to predict and may present a risk when delivering a long-term strategy.

Case Study: Saving time on annual risk reporting following a listing switch

The Risk Reporting Comparison tool is constantly evolving - each iteration in direct response to a member priority.

Take a look at how we worked with a major organisation to save time in their annual reporting following a listing switch - an example of one of the many bespoke solutions we provide to support members with their most pressing challenges.

4. Geopolitical

Geopolitical risks are incredibly difficult for businesses to mitigate against, as they are almost always external and can be hard to predict, requiring close monitoring. This, in turn, creates a need for specialist knowledge that may not exist within the organisation.

In terms of specific geopolitical risks that companies are highlighting in their annual reports, examples include:

  • A reliance on manufacturers based in foreign countries, which could be subject to trade restrictions (e.g. China);
  • Exposure to foreign currency fluctuation caused by wars, food shortages etc.;
  • Political instability in countries where the business is active.
RRCT gif
Download the data behind the ranking
And see analysis of macro and granular trends

Looking ahead - supporting CROs and heads of risk on risk reporting

We created the Risk Reporting Comparison Tool to help our members who raised 'saving time validating their external risk report' as a key priority. The tool is constantly evolving, each iteration in direct response to a member priority (e.g. adding S&P 500 company annual reports).

This is just one of the many ways that we're supporting members with their specific priorities surrounding risk reporting. Others include:

  • Bringing together risk and assurance reporting;
  • Engaging the board with risk reporting;
  • Embedding strategic risk thinking at a business unit level;
  • Facilitating better engagement with the executive committee on risk data presented to them;
  • Establishing thresholds for reporting risks to the ARC;
  • Benchmarking how risk leaders are reflecting the intersection of climate-related risks with other risks in their risk assessments;
  • Aligning risk management input and output with the organisation's decision-making calendar.

To discuss the bespoke solutions we're providing for our members on their specific risk priorities and to find out how we could work with you, book an introductory call.

Get new posts by email