Skip main navigation

What are the main threats facing a modern organisation?

To come
© Coventry University. CC BY-NC 4.0
Risk can be strategic, operational or tactical and organisations need to identify the risks they face and to decide which to manage actively.
So, what is the overarching consensus on what those risks are?

World Economic Forum – global risks

Each year, the World Economic Forum (WEF) presents the results of their Global Risks Perception Survey. It collates the views of nearly 1,000 decision-makers from the public sector, private sector, academia and civil society.
The report categorises risk as follows:
  • Economic vulnerabilities
  • Geopolitical tensions
  • Societal and political strains
  • Environmental fragilities
  • Technological instabilities
Within the report, they present a chart that shows the top risks from each category plotted against impact and likelihood. Watch the video below to see how those risks have changed over time.
A full description of the video is available as alternate text in the downloads section.
Since 2009, many of these interconnected economic risks have become less prominent and those associated with technology (eg, cyber-attacks), and with the environment (eg, climate change), have become more so, both in terms of likelihood and impact. Weapons of mass destruction have been in the top five risks in terms of impact since 2013 though with a lower likelihood to the others.
Risks do vary by region, so while consideration of the risks as presented at a global level, any organisation with operations, supply chains or customers in other counties may wish to consider the risks at a more granular level.
The top five risks for selected regions according to the WEF report of 2018 were:
Latin AmericaSub-Saharan AfricaSouth Asia
Failure of national governanceUnemployment and underemploymentFailure of national governance
Profound social instabilityFailure of national governanceUnmanageable inflation
Unemployment and underemploymentEnergy price shockUnemployment and underemployment
Fiscal crisesFailure of critical infrastructureFailure of regional and global governance
State collapse or crisisFiscal crisesCyber-attacks
Some of these risks may be things that an organisation cannot control, but they can assess if/how they will have an impact on their operations and how they might respond in the event that the risk does arise (eg the impact of infectious disease). But it is not enough to look at each risk in isolation – they are interconnected.
‘The World Economic Forum’s Global Risks Report 2019 is a reminder to anyone charged with managing risk to always maintain a holistic view of their organisation… If business leaders don’t look at risk holistically, they won’t be prepared to respond to the connected risks of extreme weather, climate change, infrastructure failure, cyber-attacks and many others that can directly threaten their very survival.’
(Franklin 2019)

UK National Risk Register

The National Risk Register (NRR) for Civil Emergencies 2017 explains the risks of major emergencies that could affect the UK in the next five years and provides resilience advice and guidance.
While the focus of the NRR might be on the role of national and local government and on other Category 1 & 2 responders, the NRR can be used by other organisations or members of the public to plan for and respond to disruptive events. These include risks in the broad areas of foreign countries, natural hazards, diseases, major accidents, social risks and malicious attacks. The NRR document provided a coherent evaluation of risks, historic context and guidance on what actions can be taken.
The NRR represents the most comprehensive and systematic attempts at substantiating risk knowledge by government ministries (Hiscock and Jones 2017) and similar national-level risk registers have been developed elsewhere in the world. Additionally, in the UK, national-level tools such as the UK Climate Change Risk Assessment may also provide support.
In the UK, local-level risks can be accessed via Community Risk Registers eg West Midlands Community Risk Register


These risk reports and registers at the global, national and local level represent one of a number of tools available to organisations in assessing and managing risk. But there is some evidence that shows that organisations do not always incorporate or know how best to incorporate them into their own frameworks:
‘People and organisations will tend to ignore problems that are too complex to fit easily into current frameworks of accountability and behaviour.’
(Craig 2018)
In a study of East Anglia, Hiscock and Jones found that while the NRR was useful, it was:
‘Unable to support them in delivering actionable measures to develop risk resilience due to the absence of practical applications, case study approaches, and tools to progress organisational frameworks.’
(Hiscock and Jones 2017)
The risk reports provide an overview of the main threats posed to economic activity at a global, national or local level. Some of these risks will be relevant to an organisation, but the organisation will need to ascertain the extent to which these are applicable to their operations and what the significance is to their operations, activities, products, services and processes. This is clearly not a simple task.
So, is there a need for a greater synthesis of information, better collaboration and engagement in order to operationalise risk registers in business?

Your task

The NRR also produces a matrix of risks in much the same manner as the WEF risk report. See pages 9-10 at the following link:
Cabinet Office (2017) National Risk Register Of Civil Emergencieswork [online] available from
How do the WEF Global risks compare to the UK National Risk Register? What similarities and differences can you see?
The board of a company has the overall accountability to ensure that risks are identified and managed to ensure the long-term sustainability of the business. Companies (ie those with share/stockholders) typically publish their approach to risk management and their priority risks in their Annual Report and Accounts.
Here is an example of such a report from Scottish Power a UK Utilities company. You can see the perceived risks listed on pages 10-13.
Using the company above or an annual report from another operating in either the water, energy, or food manufacturing sectors:
  • Identify the perceived risks
  • How do you think these risks compare to the risks identified in the material above?
  • What other issues do you think/know the company have taken into account in identifying the major threats posed to their operations?


Franklin (2019) Global Risks Report reminds us to take a holistic view of risk [online] available from [07 May 2019]
Craig, C. (2018). How Does Government Listen to Scientists? Springer.
Hiscock, K., Jones, A. (2017) ‘Assessing the Extent to Which the UK’s National Risk Register Supports Local Risk Management’. Sustainability (Switzerland), 9 (11).
© Coventry University. CC BY-NC 4.0
This article is from the free online

Business Continuity Management and Crisis Management: An Introduction

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education