Global menu

Our global pages

Print Friendly and PDF


Our study demonstrates that directors are confident about their approach to risk and that most companies consider risk an essential part of their strategy. However, many recognise they cannot be complacent: our interviews show that board members see risk as an area needing continuous review and evolution.

The approach to risk management depends on the sector, the degree to which a company is regulated, and the nature of its business. The presence or absence of a chief risk officer or a designated risk committee does not mean the company deals with risk any better—or any worse—than other companies do. What is key is that the right risks are prioritised and that the company creates a top–down culture to consider risk appropriately.

Good governance of risk means board members should continually revisit their company's approach to risk. As with all areas of governance, directors should constantly challenge the actions they are or are not taking.

To further improve risk management effectiveness, all companies should consider:

  • getting serious about digital strategy oversight, to ensure the company is not blindsided by industry upheavals from digital newcomers

  • mitigating cyber threats and risks from digital transformation, by hiring directors with tech expertise or consulting with outside experts

  • assigning responsibility for risk, by creating a dedicated risk committee, appointing a CRO or equivalent, or appointing a board member to be responsible for risk management

  • putting “unknown unknowns” on the boardroom agenda, to improve the company's agility in responding to emerging threats including geopolitical, market disruption, and climate risk and, where necessary, bringing in experts to identify emerging threats in their sector.


In late 2018, Oxford Economics surveyed 350 board directors at for–profit companies, of which 30 served on the boards of privately held firms. In total 46% of respondents came from Europe; 29% from the US; 13% from Asia; 9% from the Middle East; and 3% from Latin America. Industry groups represented include: telecommunications, financial services, pharmaceuticals, food/consumer products, retail, entertainment, transportation, industrial manufacturing, engineering and construction, chemicals, automotive, utilities, hospitality, energy and mining, professional services, aerospace, technology, healthcare, agribusiness, and industrial products. All companies had annual revenues above USD 250 million, with 58% having revenues above USD 1 billion.

Additionally, Eversheds Sutherland conducted 50 anonymous interviews with clients; quotes from those interviews are identified by the individual's position and industry sector or location.

…How we manage business everyday is all about managing risk…risk is at the forefront of decisions…

CEO, UK listed company