Experts Identify the Critical Business Risks for 2020

Three of the world’s top risk management firms have surveyed thousands of board members, C-Suite executives and operational practitioners from around the world to determine the most critical issues ahead for 2020. As your organization rolls out its strategy for 2020, it’ll be key to understand the risks which global leaders agree might impact your corporate objectives. This paper compares two leading “Top 10” lists, highlights common themes, and provides data for use in comparison to your organization’s risk register.

The two surveys differ in scope. The first report addressed below (“NCU/Protiviti”) lists risks which are “Strategic” and reveals views from those in an “oversight role”. The second report reviewed (“Allianz”) lists risks which are more “Operational” and entails responses from individuals most likely to be involved in mitigating and managing risks.

A list of 30 risks, catalogued into three “dimensions” i.e. Macroeconomic, Strategic, and Operational are listed below in Appendix A.

North Carolina State University is a leader in research Enterprise Risk Management and has partnered with Protiviti, a global risk firm, (such partnership referred to herein as NCU/Protiviti”). Together NCU/Protiviti approached 1,063 board members and C-Suite executives from around the world to determine the risks most impacting on organizations in 2020. Their paper entitled “Executive perspectives on Top risks 2020-Key issues being discussed in the boardrooms and C-Suite”1 is an excellent research paper which concludes that the two key issues facing businesses are talent and culture on one hand, and technology and innovation on the other.  

Macroeconomic, Strategic, and Operational

NCU/Protiviti created a list of 30 risks and catalogued them into three “dimensions” being Macroeconomic, Strategic, and Operational, and the methodology entailed asking respondents to rate each of the 30 risks, see Appendix A below. One risk which has jumped into the #2 spot and which did not appear on the 2019 list surrounds economic conditions impacting growth. The Brexit discussions, trade discussions between China and the USA, and an overall slow down in economic growth have contributed to these concerns. Interestingly, the survey shows an increased interest by respondents in investing in risk management to address the volatile current business environment globally. Another concern is the risk of increased scrutiny on regulatory affairs, a risk ranked 3rd in North America, and 1st or 2nd in 7 of 8 other regions elsewhere in the world.

Allianz Global Corporate & Specialty (“Allianz”) is a leading global corporate insurance carrier providing risk consultancy, Property-Casualty insurance solutions, and alternative risk transfer services. The Allianz survey forms part of their paper entitled the “Allianz Risk Barometer: Identifying the major business risks for 2020” and incorporates the views of 2,718 respondents from 102 countries and territories. This risk survey was conducted among Allianz customers (global businesses from Fortune 500’s to smaller organizations), brokers and industry trade organizations. It also surveyed risk consultants, underwriters, senior managers and claims experts.

Changes in legislation and regulation are key concerns

Linda Regner-Dykeman, Chief Agent for Allianz in Canada, comments on results relating specifically to Canada: “As expected, Business Interruption and Cyber incidents continue to be major exposures for Canadian businesses. The risk of changes in legislation and regulation has moved up significantly to 3rd, chosen as a top risk by almost a third of respondents. Trade wars, tariffs, economic sanctions and protectionism have companies concerned about the instability of future markets”.

In the USA, Cyber Incidents has emerged as the top risk, with Business Interruption #2 and Natural Disasters #3. Per Bill Scaldaferri, CEO of Allianz North America, “increasing connectivity and sophistication of attacks have been driving up the frequency and severity of incidents for some time”.

Cyber risk was chosen overwhelmingly as the top risk by global respondents

The Allianz survey notes that Cyber risk was chosen overwhelmingly as the top risk by global respondents, due largely to the increasing reliance on their data and IT systems and a number of high-profile incidents. Businesses face a growing number of cyber challenges including larger and more expensive data breaches, an increase in ransomware and business email compromise (spoofing) incidents, including the risk of litigation post event. Cyber exposures are also emerging as a hot M&A topic in the wake of a number of large data breaches. A 2018 breach experienced by the Marriott hotel chain was traced to an intrusion in 2014 at Starwood, a hotel group it acquired in 2016. Even the best protected companies will be exposed if they acquire a company with existing vulnerabilities and the acquiring firm could be liable for intrusions prior to the acquisition.

After 7 years at the top of the Allianz list, Business Interruption (BI) drops to second position in the  survey for 2020, although increasing is the trend for more complicated business interruptions arising out of non-traditional sources such as technology and cyber breaches. At third on the list, businesses are more concerned about changes in legislation and regulation than a year ago.  The survey notes that Tariffs, sanctions, Brexit and protectionism – around 1,300 new trade barriers were implemented in 2019 alone – were cited as key concerns for respondents, noting especially the game changing sustainability legislation introduced in Europe in the last year.

The 10 Most Critical Risks

The NCU/Protiviti and Allianz Top 10 Lists are below showing concerns listed in order of priority. Common risk themes are coloured:

In conclusion, board members and business leaders are guided to ensure that their organizations are managing their top risks through a systematic program often referred to as Enterprise Risk Management. This paper identifies risks which should be considered for inclusion on Risk Registers as organizations roll out corporate strategies in 2020.

Appendix A: 30 Risk Issues: Macroeconomic, Strategic, Operational1


  • Anticipated volatility in global financial markets and currency exchange rates may create significantly challenging issues for our organization to address
  • Political uncertainty surrounding the influence and continued tenure of key global leaders may impact national and international markets to the point of significantly limiting our growth opportunities
  • Evolving changes in global trade policies (e.g., Brexit, NAFTA update, escalating tariffs) may limit our ability to operate effectively and efficiently in international markets
  • Our ability to access sufficient capital/liquidity may restrict growth opportunities for our organization
  • Economic conditions in markets we currently serve may significantly restrict growth opportunities for our organization
  • The adoption of digital technologies (e.g., artificial intelligence, robotics, natural language processing) in our organization may require new skills that either are in short supply or require significant efforts to upskill and reskill existing employees2
  • Geopolitical shifts and instability in governmental regimes or expansion of global terrorism may restrict the achievement of our global growth and profitability objectives
  • Anticipated increases in labor costs may affect our opportunity to meet profitability targets
  • Unexpected change in the current interest rate environment may have a significant effect on the organization’s operations


  • Rapid speed of disruptive innovations enabled by new and emerging technologies (e.g., artificial intelligence, robotics, machine learning, hyperscalable platforms) and/or other market forces may outpace our organization’s ability to compete and/or manage the risk appropriately, without making significant changes to our business model
  • Social media, mobile applications and other Internet-based applications may significantly impact our brand, customer relationships, regulatory compliance processes and/or how we do business
  • Regulatory changes and scrutiny may heighten, noticeably affecting the manner in which our products or services will be produced or delivered
  • Shifts in environmental, social and governance (ESG) preferences as well as expectations of key stakeholders about climate change, diversity and inclusion, and other sustainability issues may be difficult for us to identify and address on a timely basis
  • Ease of entrance of new competitors into the industry and marketplace or other significant changes in the competitive environment (such as major market concentrations due to M&A activity) may threaten our market share
  • Our organization may not be sufficiently prepared to manage an unexpected crisis significantly impacting our reputation
  • Growth through acquisitions, joint ventures and other partnership activities may be difficult to identify and implement
  • Opportunities for organic growth through customer acquisition and/or enhancement may be significantly limited for our organization
  • Substitute products and services may arise that affect the viability of our current business model and planned strategic initiatives
  • Sustaining customer loyalty and retention may be increasingly difficult due to evolving customer preferences and/or demographic shifts in our existing customer base
  • Performance shortfalls may trigger activist shareholders who seek significant changes to our organization’s strategic plan and vision


  • The behaviors and personal conduct of the organization’s management team and other key representatives may not conform to societal and ethical expectations (new in 2019)
  • Uncertainty surrounding the viability of key suppliers, scarcity of supply, or stable supply prices may make it difficult to deliver our products or services at acceptable margins
  • Third-party risks arising from our reliance on outsourcing and strategic sourcing arrangements, IT vendor contracts, and other partnerships/joint ventures to achieve operational goals may prevent us from meeting organizational targets or impact our brand image
  • Our organization’s succession challenges and ability to attract and retain top talent in a tightening talent market may limit our ability to achieve operational targets
  • Our organization may not be sufficiently prepared to manage cyber threats that have the potential to significantly disrupt core operations and/or damage our brand
  • Ensuring privacy/identity management and information security/system protection may require significant resources for us
  • Our existing operations, legacy IT infrastructure, and insufficient embrace of digital thinking and capabilities may not meet performance expectations related to quality, time to market, cost and innovation as well as our competitors, especially new competitors that are “born digital” and with a low cost base for their operations, or established competitors with superior operations
  • Inability to utilize data analytics and “big data” to achieve market intelligence and increase productivity and efficiency may significantly affect our management of core operations and strategic plans
  • Resistance to change may restrict our organization from making necessary adjustments to the business model and core operations
  • Our organization’s culture may not sufficiently encourage the timely identification and escalation of risk issues that have the potential to significantly affect our core operations and achievement of strategic objectives


  1. North Carolina State University in partnership with Protiviti, December 12, 2019. Top Risks Report 2020:  Executive Perspectives on Top Risks for 2020.
Share this