In the face of growing compliance challenges, new research reveals that UK CEOs are deprioritising regulatory compliance, despite its critical role in safeguarding businesses. 

According to a recent survey* regulatory compliance and risk management ranked among the lowest business priorities, as only 4% of CEOs cited it as their top concern. This trend comes at a time when compliance issues, such as data breaches and cybersecurity threats, are on the rise.

Top Business Priority

Customer satisfaction and retention (21.4%) topped the list of priorities for CEOs, followed closely by revenue growth (18.4%) and cost efficiency (17.0%). Compliance and risk management ranked near the bottom, with only 4% of CEOs prioritising it.

The Regulatory Landscape

Health and safety regulations dominate CEO concerns, with 46% identifying them as their top regulatory priority, followed by data protection and privacy laws at 19%. Notably, cybersecurity regulations ranked low, with just 6% listing it as a top priority, despite the ever-growing threat of cyberattacks.

Cybersecurity and Compliance Risks Overlooked

CEOs either highly prioritise cybersecurity or overlook it altogether. While some (6%) view it as a top compliance issue, the average ranking placed cybersecurity in 9th position out of 12 major regulatory concerns. This lack of consistent focus poses significant risks, particularly in industries dealing with sensitive data.

Generational Divide in Compliance Focus

The survey shows a stark generational divide in regulatory priorities. Younger CEOs (18-24 years) focus heavily on anti-bribery regulations, with 43% ranking it as a top-three concern, while older CEOs (55-64 years) show a greater concern for cybersecurity and tax compliance. Only 4.5% of younger CEOs identified cybersecurity as a priority at all, compared to 8.3% of their older counterparts.

Vivek Dodd, CEO of Skillcast, commented on the findings: “The data shows an alarming disconnect between CEOs’ business goals and the compliance risks their companies face. With cybersecurity breaches on the rise and data protection regulations becoming more stringent, the lack of focus on these areas could lead to severe legal, financial and reputational consequences.”

Vivek continues, “This research highlights the need for a cultural shift in how businesses approach compliance, particularly when it comes to cybersecurity. Compliance should be embedded into the core of business operations, not treated as an afterthought. CEOs and senior management must take a proactive stance, ensuring that their organisations are prepared for both the evolving regulatory environment and the increasing sophistication of cyber threats.”

In light of these findings, compliance experts recommend that businesses increase their focus on compliance training, particularly around data protection and cybersecurity, which have become essential in today’s digital age.

Regulatory oversight is tightening across all industries, and failure to prioritise compliance could have far-reaching impacts, from legal penalties to reputational damage.

*Research by Skillcast