Risky Business: how should companies act on the National Risk Register?

4 Aug 2023

Lawrence Dore and Beatrix Lohn examine the implications of the National Risk Register for UK corporates and their communications preparedness.

Our society faces an increasing number of larger-scale risks, with climate change taking hold of our planet, artificial intelligence developing a mind of its own, territorial conflicts reaching boiling point and the instability of energy supply… just to name a few.

In early August, the UK government published its latest analysis and comprehensive framework regarding the risks posed to UK.

It was Oliver Dowden MP, Deputy Prime Minister standing in for PM Rishi Sunak, who announced the latest iteration National Risk Register (NRR) that sets out the Government’s latest assessment of key risks to the UK.

The Register outlines 89 threats that could have a significant impact on the UK’s safety, security or critical systems at a national level. Others are excluded for security reasons. The Register, last published in 2020, enumerates AI, drone attacks and disruption to energy supplies by the Russian regime as some of the main threats to the UK. Each risk has been assigned a severity rating that takes into account factors such as death toll and financial cost.

This framework differs to previous editions of the NRR. Significantly, this is the first time that the NRR has included content from, and aligned with, the same structure as the classified National Security Risk Assessment (NSRA), revealing and declassifying more risk information than ever before.

The NRR is a singular example of risk preparedness: the methodology and matrix that it presents offer a formula that corporates can use as a prism for their own risk registers and preparedness. It also represents an opportunity for corporates to gain insight into how the government will consider and apply risk considerations when creating new policy.

Corporates should not panic at the sight of risk. It should be embraced and managed, and crisis communications is part and parcel of that.

Lawrence Dore and Beatrix Lohn, DRD Partnership

DRD Partnership, recognised by Chambers & Partners as a top-ranked Crisis & Risk Management firm, has at the heart of its approach an understanding of how to play crisis communications into the management of potential risks that our clients may face.

The role of communications is crucial to crisis preparedness. There are two areas of focus:

  1. The plumbing”: corporates should have tried-and-tested procedures in place to ensure that, if a risk becomes a material threat, an adequate crisis preparedness strategy is in place with escalation protocols and training of relevant personnel.
  2. The maintenance”: corporates need regularly to review their crisis preparedness strategies and the potential new risks that they could face in the near future. As we have seen with the updated NRR document, a whole new array of risks has become apparent over the past two years with cyber and energy security appearing for the first time as recognised risks to the UK. No one now doubts that they are.

Corporates should not panic at the sight of risk. It should be embraced and managed, and crisis communications is part and parcel of that. That being said, as we expect to see a greater number of risk categories emerging, there needs to be an understanding of clients’ material risks and which of those pose the greatest threat.

Risk preparedness should mean that, if and when issues arise, corporates are palpably at the ready to face up to the challenge and respond in a measured and clear-sighted way.