As the Navy’s first CRO, David Wilson developed his skills for homing in on real-world risk and doing something about it. Now at CDP, he combines this desire for action with his own theories on the relationships behind all risk decisions.

David Wilson is a doer. He thinks about doing. He strategises about doing, he coordinates the doing, and he does the doing. Because to him, effective risk management is about “the doing”.

“Risk is not about admiring problems,” he says. “It’s about doing something about them. Risk is dynamic. It’s fluid. It changes. Risk management must be the same. It therefore requires drive and determination to do something about it.”

David Wilson

It seems drive, determination and doing were attributes that were distilled in Wilson early in his career, in the military. These characteristics have positively shaped so much of his risk management ethos to date.

Wilson is currently the director of risk and compliance for the global environmental disclosure charity, CDP – and responsible for managing risks to the world’s only independent climate disclosure platform, during a time of heightened climate change regulations no less. But his career in risk began in the Royal Navy.

“What I realised when I was in the military was that I had always managed risk. So, I decided to formalise this towards the end of my military career.

“I undertook a five-day risk management course through the Office of Government Commerce while still in command of HMS Bangor. This was one of seven Sandown-class mine-hunters responsible for seeking out, detecting and destroying mines.

“I realised that as the ship’s captain, I had always been taking risks or managing them. So, I thought maybe it would be worthwhile to understand what risk management looks like, theoretically.”

David Wilson’s top risks

Geopolitics and Trumpism

The level of uncertainty being driven by the US administration is all-consuming and the pace is unprecedented. There appears to be an increasing polarisation across all societies, which is relatively extreme in the US, but is impacting many countries. In the UK, this might be evidenced by the rise of the Reform party.

Climate change

For me this is an existential risk, potentially as impactful as widespread conflict. It is also a risk that cannot be addressed by a single country – all need to be ‘doing’ or not at all. To me this is a real concern.

Back on land

After spending years at sea, Wilson eventually sat in the Navy’s operational headquarters. He wrote most of the Navy’s risks – everything from the complexity of modern military fighting and health and safety at sea to frontline operations – and developed a supporting risk management framework, before officially being invited to become the Navy’s first chief risk officer.

He says: “I was protected to a certain degree from many of the usual issues that chief risk officers and risk directors face daily. But actually ‘doing’ it – formalising a risk structure and framework (regardless of the differences in risks) – put me in a good position for launching my career outside of the military.”

“You can’t have a strategy without considering the risks that the strategy introduces into an organisation”

So, what did risk management look like outside of the military? “A baptism of fire,” says Wilson.

His first corporate role was as head of risk for Serco’s business services division. His first task was getting to grips with GDPR, data and compliance-related issues – a world away from the risks and culture of the military.

But, says Wilson, two core threads tie military and corporate life together. The first is that “risk and strategy go hand in hand”.

“You can’t have a strategy without considering the risks that the strategy introduces into an organisation. Of course, some of the risks will be positive and present as opportunities, and some will be negative. Regardless, you cannot produce an effective strategy without thinking about the risks and therefore thinking about how best to manage them.”

Do the thinking

The second is the drive and determination to do the doing.

“Serco is a business that serves governments. So, in a way, it has a similar set of values to the ones I held dear in the Navy, which were all about getting things done. But the point is, it is not about doing by the risk manager but by the business. The risk person’s job is to help people identify the risk and the solutions.”

To do this successfully, though, means clearing headspace to “do the thinking” and “do the strategising”, he says.

“There’s a constant trade-off between being able to sort out the issues and thinking about and planning a strategy”

“Our world is constantly changing. And because of the pace and nature of change, there are a multitude of issues and risks to deal with that suck up our headspace.”

“There’s a constant trade-off between being able to sort out the issues, which are almost always about today, and thinking about and planning a strategy for tomorrow’s threats and opportunities.”

But when headspace is created, the thinking side of things can lead to a reimagined ideal of risk management that could, potentially, change how we manage or at least think about corporate risks.

All about relationships

This certainly was the case for Wilson after completing a research study and MSc dissertation that challenges today’s commonly held definition of risk management as a process that manages the threats to an organisation’s objectives or the effect of uncertainty on objectives.

“What if risk management were about managing the risks to corporate relationships and trust within these relationships, rather than to objectives?” asks Wilson.

Based on a theory developed by Professor James Davis of Utah State University, Wilson posits that relationships and trust are at the core of all successful businesses.

“There is a whole host of audiences that an organisation has a relationship with: customers, suppliers, employees, investors, stakeholders, shareholders and the board. It has those relationships because it needs something from those audiences. And what makes a relationship successful? Trust.”

“Rather than risk being a process that assesses the effect of uncertainty on objectives, what if we turned it around and made it about the effect of uncertainty on relationships?”

And trust, or, as Professor Davis refers to it in his research, the empowerment of trust, is defined as “a willingness to be vulnerable”, which contributes to managers taking greater risks in their relationships, with positive results.

“So, if relationships are critical to success and a key aspect of that is trust, and trust revolves around risk taking, then maybe there’s another way of thinking about risk,” says Wilson.

“Rather than risk being a process that assesses the effect of uncertainty on objectives, what if we turned it around and made it about the effect of uncertainty on relationships? How does that change our perspective of the risks that an organisation faces?”

He adds: “So, instead of saying there is a risk of my warehouse burning and it’s going to affect my bottom line by £X, what happens if I turn around and say, what’s the effect on my customers? What’s the effect on my employees? What’s the impact on investors and shareholders? What level of trust will they have in us after the fire event?”

Turning risk into opportunity

And the challenges, to himself and the profession at large, keep coming.

He says: “How do we look at this thing called ‘uncertainty’ in a way that improves our understanding of risk so that it can actually help us make better decisions? How do we take better risks – or opportunities – rather than just admire it?”

And that, he says, is where we need to place the action. “That’s where we all need to be ‘doing the doing’.”

Lightning round

We asked some quickfire questions to get to know the risk leader better – as a decorated veteran, a marathon runner and a devoted family man.

What are you thinking about right now?

The future – and what’s coming down the tracks for me personally, as well as what’s happening around the world.

There’s a lot of unprecedented change, whether political or economic, and it’s driving a significant level of uncertainty, which most people will not have felt in a long time, if ever. So, I’m keeping an eye on the future.

What’s your greatest fear?

Two things: failure and heights (though, as uncomfortable as they make me, I’ll do heights if I really must).

What’s the biggest risk you’ve ever taken?

Running the London Marathon. A week before the run, I encountered problems with my legs. It wasn’t a severe risk, but it took me well out of my comfort zone. I was running for the Royal Navy and Marines Charity – a cause that personally means a lot to me – so I had to go on.

I surmised that as long as I could beat the bus and keep on going, even if I had to crawl the distance, it would be okay in the end. I completed the run almost on my personal target (3hrs 52mins) – but not quite, because the legs hadn’t gone as quickly as they needed. But I went the full distance, nonetheless.

What are your greatest achievements?

Marrying my beautiful wife and raising three wonderful children tops the list and, for the record, they are not in earshot!

Also up on the list are the two years I spent with the Royal Navy Maritime Battle Staff. I was honoured to have planned one of NATO’s largest naval exercises, coordinating 120 ships, 10,000 troops, 150 aircraft and 25,000 square miles of battle space.

I followed this with planning an operation abroad, where we were deployed for five months. These were very special tasks for me. Two very complicated projects came off, and I was very proud to have received a Commander in Chief Fleet Commendation.

Who do you look up to and why?

There are lots of people I could name, including my wife. But if we’re talking shop, I will go with Tim Murray as he has really shaped my career.

Tim is the group director, enterprise risk and compliance at Serco and gave me my first job after leaving the military. He is a remarkable individual on lots of fronts – not just risk. We’ve had some great discussions when I was at Serco, and he helped cement the idea that risk management was the ideal career path for me.

SR Q2 2025 Edition