Insights from Matt Mann, Head of the Greater Chicago Region, Aon

Matt is responsible for leading the Aon United teams within the Greater Chicago region, including Illinois, Indiana, Northern Kentucky and Wisconsin, working across solution lines to deliver innovative solutions and advancing our one-firm mindset. Matt has more than 20 years of experience at Aon, including various leadership roles across Aon Health Solutions.

What’s one thing happening at your company that you’re most excited about?

There are many exciting things happening at Aon right now, but one thing in particular is the reveal of our new brand and the Aon Story. Put simply, Aon is in the business of better decisions. We help shape decisions for the better — to protect and enrich the lives of people around the world. We are committed as one firm to our purpose. We are united through trust as one inclusive, diverse team, and we are passionate about making our colleagues and clients successful.

We know that the world is constantly changing, and with it comes the need to adapt and adjust. We are dedicated to providing our clients with innovative, tailored solutions to meet unmet and unfulfilled needs stemming from these increasingly complex and interconnected challenges.

What are some of the challenges you see companies facing today?

The impact of the COVID-19 pandemic has demonstrated that the world is more volatile than ever before. With ransomware attacks filling the headlines and the pandemic pushing companies to embrace remote working and online business models, cyber security has become a top-of-mind concern for many business leaders. In fact, cyber attacks/data breaches ranked first on the list of the top 10 risks companies are facing today as identified in our recently released 2021 Global Risk Management Survey, a report that included more than 2,300 respondents in 60 countries/territories across 16 industries at both public and private companies.

Additionally, as one could anticipate with the constant news of product, input and service delays, business interruption was predicted to be at number seven but came in a close second on the top 10 list. It is a technical concern that is reflected in other risks, including supply chain or distribution failure and workforce shortage.

The pandemic also triggered a global economic recession, ensuring that economic slowdown/slow economic recovery remained a top three risk in our survey. Long-tail risks have become a focal point of the risk landscape, with the ripple effects of increased cyber events, severe weather and supply chain disruptions having a significant impact on the global economy.

Are you seeing any underestimated risks that companies haven’t focused on as much?

Though climate change was not identified as a top 10 risk, it’s inherently tied to other, more tangible risks, where the immediate impact is measurable – such as business interruption, material scarcity, damage to reputation, regulatory changes and supply chain issues, which are all top 10 risks.

Some respondents in our survey might have connected climate change to regulatory risk, environmental risk or weather and natural disasters. However, climate change is a far bigger risk than previously assumed, and it is quickly becoming an imperative for boards and C-level executives to address.

Corporate Social Responsibility and Environmental, Social and Governance (ESG) was also an underrated risk. Companies are increasingly required by regulators to adopt transparent and effective ESG initiatives. The underrated status of this risk could be attributable to the fact that many respondents classify ESG to predominantly be a regulatory exposure today, or a driver of reputational damage, both of which feature in the top 10 list. We definitely see ESG continue to be a prominent topic among our public company topics, as well as corporate and private equity acquirers in M&A.

Loss of intellectual property and property infringement is another substantial risk that was highly underrated by our survey respondents — but that may be because other areas of the respondents’ organizations have the responsibility for mitigating and managing it.

There were some surprises found in the industry-specific research. For example, failure to attract and retain talent did not make the top 10 list in both retail and food, agribusiness and beverage, two industries that have faced challenges with workforce shortages. Another observation is that cyber risk ranks at number four by respondents in the hospitality, travel and leisure industry, compared with its first-place ranking in the overall survey. We have seen a number of high-profile loss events in that industry, so addressing cyber risk should be a top priority in creating organizational resilience.

What risks do you anticipate will continue to grow in the next few years?

In our survey, we asked respondents to project the top five risks facing their businesses in the next three years. Their projections enable us not only to gauge what might be on the horizon but also to compare what they have predicted with the actual results.

In the next three years, the risk of cyber attacks/data breach is expected to remain at the top of the list, followed by economic slowdown/slow recovery and commodity price risk/scarcity of materials. Business interruption is expected to drop to a ranking of four, and accelerated rate of change in market factors is predicted to rise to number five again.

The only other forecast re-entry is cash flow/liquidity risk at number ten, which suggests that respondents don’t think that the economy’s overall pace of change will slow down in the next three years. Risk managers and business leaders anticipate the rapid pace of change will bring about dynamic risk profiles, changing the way we work, the creation of new business models and how we consume.

2021 Global Risk Management Survey Top 10 Risks in the Next 3 Years

Do you have advice on how companies should address these current and future challenges?

With cyber attacks/data breaches as the top risk, it’s imperative for companies to have incident response plans that are flexible and scalable. Threat simulations and tabletop exercises can put incident response plans to the test; this not only helps to limit the impact of a breach once it happens, but also can save money, minimize reputational damage, and help improve compliance and protections when it comes to sensitive data and intellectual property.

To mitigate the risk of business interruption, it’s recommended that companies review their existing insurance coverage and limits. Conducting a risk financing analysis of the policy limits and excesses is a good way to find improvements in the program.

These are just a couple of ways that companies can address some of the top challenges. At Aon, we are dedicated to innovative solutions that address both known risks, as well as those that are emerging. Whether by proprietary data or state-of-the-art analytics, our purpose is to enable our clients to make better decisions and manage volatility at scale. We are always pleased to have a conversation about insurable and not-yet insurance risks and exposures, and to help our clients make the best possible decisions about risk transferred and retained, enabling their businesses to grow and be protected.

Visit for a more in-depth look at the top 10 risks and key findings, including industry breakdowns.