About 84% of directors and officers in Australia and New Zealand list health and safety as the top risk, according to a report from broker WTW and law firm Clyde & Co. 

Cyber attack ranked second (69%), followed by systems and controls (66%) and data loss (64%). Rounding out the risk list are fifth-placed regulatory breach (56%), insolvency/bankruptcy of organisation (54%) and climate change (46%). 

The report says the findings are “surprising” as there have been no significant legislative changes regarding health and safety of employees. 

It says psychosocial risk, rather than traditional safety risk, appears to be the most relevant factor behind the risk rankings this year. 

“In that regard, we note the comments of a couple of industrial insureds in Australia to the effect that it is the risk of hiring and retaining employees which keeps them up at night, as without employees (in what can be a very tight labour market, particularly in some sectors), an organisation cannot operate its business,” the report says. 

“A company’s work health and safety policy, including in relation to mental health and well-being, could differentiate itself from its competitors. 

“The current debate following the Australian Government’s proposal to introduce the ‘right to disconnect’ highlights the prevalence of psychosocial risks and its likely ongoing presence on the agenda for 2024.” 

Cyber and data loss remain a “substantial and significant” risk despite placing second and fourth, the report says.

“They are still clearly a major risk across all industries irrespective of size. Indeed, Australasian regulators have included technology and operational resilience including cyber resilience as part of their key enforcement priorities for 2024.” 

Globally, health and safety placed first, occupying the top spot for the first time. It has always been in the top-7 list since 2018, the report says. 

Cyber dropped one spot to second, followed by data loss, regulatory breach, systems and controls, bribery/corruption and breach of sanctions. 

“The results this year are pretty surprising … we have a new number one risk for directors and officers,” the report said. 

“We found this to be a genuinely surprising change. There seems to be general agreement that health and safety is a key risk which boards must consider and the most consistent point raised was that the change may be more reflective of people becoming more comfortable with managing cyber and data loss risks, rather than that health and safety has been re-prioritised.” 

Click here to access the report.