Health and safety tops risk concern list for Directors and Officers - here’s how to protect your business

Health and safety is the top risk facing directors and officers, according to new research.

The 2024 Global Directors’ and Officers’ Survey Report from WTW and Clyde & Co identifies and analyses key risks across the UK, Europe, Asia, Australasia, Latin America, North America, Africa, and the Middle East.

Overall, health and safety was considered the top risk with 84% of global directors, officers and risk managers ranking it as very or extremely important, closely followed by cyber-attack (including cyber extortion) risks which were selected by 79%.

Globally, data loss dropped to third place, having ranked second last year. For the first time since 2019, the threat of an organisation being a victim of crime has dropped out of the top seven risks entirely.

Commenting on the findings this year, Simon Weaver, head of Asia Pacific at WTW, said: “Health and Safety is the new top risk facing directors… We strongly recommend that organisations prioritise evolving their risk management practices, addressing the emerging threats.”

What does it mean for businesses and their risk managers?

The findings of the research highlight the unique and complex issues facing today’s directors which go beyond  financial obligations to shareholder return.

Weaver says: “The responsibilities incumbent upon directors and officers in APAC continue to evolve and become more nuanced, with aspects, such as employee safety, ESG-related obligations and cybersecurity-related pressures to be cognisant of. All set with a backdrop of ever-increasing competition and pressures to meet financial targets.”

“There is a pressing need for better education on D&O insurance and indemnification practices”

He adds that it is not a surprise that cyber-attacks (including cyber extortion) came in as the second highest risk facing directors and officers. With the rapid developments in AI changing the complexion of security, operation and automation, directors simply cannot afford stay passive.

James Cooper, partner at, Clyde & Co, said: “The report underscores the dynamic and complex nature of the risk landscape currently facing directors. What we have seen is that there is a pressing need for better education on D&O insurance and indemnification practices to ensure directors and officers are comprehensively protected.”

How to tackle the threats

Now more than ever, effective risk management requires breaking down information siloes within companies and bridging knowledge gaps between stakeholders.

Risk owners will inevitably view things through their own lenses and interests.

For example, legal counsel may view cyber risk in the context of data breach and privacy regulations, whilst the IT teams will view it from an operational framework. CFOs will want to understand what cyber risk means in dollar terms, budgets and ROIs.

This leaves risk professionals with a tricky job on their hands.

“Attaching a dollar value to the risk by undertaking impact analysis and modelling scenarios by frequency and severity is a smarter way to approaching risk”

Jennifer Tiang, cyber lead, Asia, WTW said: “We recommend working on shared definitions of what a ‘catastrophic event’ means operationally and financially, and establishing what is acceptable and within risk-bearing ability. The common alignment means boards can rest knowing that there has been a robust, inclusive and defensible approach to large-scale risk.

“Bringing data and loss modelling into the conversation is a powerful method of establishing these shared ‘worldviews’ within an organisation… Attaching a dollar value to the risk by undertaking impact analysis and modelling scenarios by frequency and severity is a smarter way to approaching risk that will stand up to stakeholder and shareholder scrutiny.”