Overview of top risk issues in 2024

While most of the top risk issues for the government services sector in 2024 relate to talent, cybersecurity and legacy IT environments, organisational culture and resilience also represent urgent concerns, as does the ability to respond to unexpected crises with resilience and agility. Government services leaders express reservations regarding the degree to which their organisational cultures encourage the timely identification and escalation of emerging risk issues. Whether the organisation can respond effectively and in an agile manner to unexpected crises marks another top concern.

As leaders of government services organisations focus their attention on the most pressing and prevalent risks in 2024, they should consider new mindsets and approaches for managing talent, mitigating cyber threats and updating legacy IT infrastructure. Doing so requires a solid grasp of the multifaceted nature of these issues.

• Talent management: Attracting, recruiting and retaining skilled workers are ongoing — and borderline endemic — challenges within government services. These areas also represent a long-term problem: Survey respondents project talent-related risks as the second most significant concern in 2034, just behind cyber threats (see below). The historic allure of government service (e.g., situations such as the Cold War and Space Race, which provided strong, non-financial motivation) does not appear to be motivating younger workers to pursue government employment in the way people did in the latter half of the 20th century. Now, more “baby boom” engineers who leapt at the opportunity to work for space programmes in the 1960s, 1970s and 1980s are retiring, and Gen X workers may not be far behind. From 2020 to 2022, an average of more than 100,000 U.S. federal workers retired each year. That’s 36% higher compared to the period from 2000 to 2002, when approximately 76,000 federal workers retired annually.^[1] Retirement-age federal employees now outnumber younger employees by two to one in the United States, where there were more full-time permanent federal employees in the 50—54 age bracket than any other age group in 2022.^[2] Furthermore, across the globe, subsequent generations are far more likely to choose the allure and higher pay of jobs in industries such as technology and financial services over government roles. Of note, for 2024, other talent management-related concerns include increasing labor costs (the third highest-ranked risk issue) and the impact of social issues and DEI priorities on organisations’ ability to attract and retain workers (a top 10 risk issue).

Image

• Cybersecurity: As is the case with talent management, cyber threats are an area of significant concern for government agencies. To illustrate, in the United States, over the past dozen years or so the U.S. Government Accountability Office (GAO) has publicly issued more than 700 recommendations related to securing federal systems and information. “Until these are fully implemented,” a January 2023 GAO report states, “federal agencies will be more limited in their ability to protect private and sensitive data entrusted to them.”^[3]Not surprisingly, ensuring privacy and compliance with growing identity protection expectations also ranks as a top 2024 risk issue among government services respondents. The same holds true for third-party risks (ranked in the top 10 for 2024), many of which relate directly to data privacy and security issues.

  As government services leaders address cybersecurity, they should keep in mind that attack surfaces are expanding due to digital transformation progress (including the widespread shift to online services) and the increasing adoption of Internet of Things (IoT)-connected networks and applications. IoT sensors generate more data and provide bad actors, who continually develop new modes of attack, with new opportunities to breach organisational cyber defenses. Smaller government organisations, including those at the regional, province/state, and local levels, are especially vulnerable to cyber threats. Smaller agencies and departments generally have more limited cybersecurity budgets and less access to the knowledge and skills required to create and continually adapt their cybersecurity capabilities to new types of threats and attack modes. At the same time, because these organisations are perceived to be easier targets to breach, bad actors increasingly are targeting them to disrupt operations and interfere with elections through phishing, denial of service and ransomware attacks.

• Legacy IT: Government services organisations face scale, time, money and resource challenges when it comes to addressing aging IT infrastructures through technology modernisation. Mainframe systems designed in the 1970s and 1980s still underpin operations in many government offices. These infrastructures have been held together with numerous makeshift, ad hoc solutions by systems administrators who have already retired or will do so soon. In addition, given their age and design, many legacy systems have undergone extensive customisation. In many cases, this means that upgrades are off the table, and that new, modern systems must be implemented from scratch. While time-consuming and expensive, such implementations are crucial to perform because outdated systems can limit organisational resilience and agility (another top 10 risk concern for 2024) as well as the ability to recruit talented technology professionals who would rather work with advanced tools and technologies than perform troubleshooting and maintenance on antiquated systems. Additionally, more large ERP vendors are establishing definitive timelines for moving customers away from on-premises solutions to cloud environments, further underscoring the urgency to update legacy systems.

It is worth noting that ongoing political polarisation and legislative gridlock frequently hinder the ability of government services organisations to respond to many of these risk issues. Budgeting brinkmanship at all levels of government injects additional uncertainty into planning and forecasting activities.

Overview of top risk issues in 2034

When government services leaders share their 10-year outlook, cybersecurity and talent management risk ratings are considerably higher, and they are joined by major concerns related to natural disasters and regulatory requirements focused on climate change and sustainability.

In last year’s survey, the rising threat of catastrophic natural disasters and weather phenomena barely rated as a top 25 risk concern. For 2024, this risk issue figures as a top 15 concern. By 2034, government services leaders rank the threat of natural disasters in their top five (specifically, third), with sustainability policies, regulations and disclosure requirements not far behind.

Catastrophic natural disasters are not the only concern that government services survey respondents expect to become riskier during the next decade. Compared with last year’s survey results related to the long-term risk outlook, this year’s respondents gave notably higher risk ratings to many of their longer-term concerns — including cyber threats, third-party risks, and geopolitical shifts, regional conflicts and instability in government regimes or the expansion of global terrorism.

Image

Of note, similar to the roadblocks government agencies face with their 2024 top risks, political polarisation and gridlock may inhibit their ability to respond to these issues effectively.

Heightened geopolitical concerns reflect intensifying conflicts around the world. The survey results indicate an expectation among government leaders that the current period of geopolitical conflict will sustain over the coming decade. Government services leaders also view cyber threats and talent-related risks as long-term challenges. Heightened regulatory changes and scrutiny along with organisational culture concerns (centered on the timely identification and escalation of emerging risk issues) round out the list of highest-rated 2034 risk issues.

About the Executive Perspectives on Top Risks Survey

We surveyed 1,143 board members and executives across a number of industries and from around the globe, asking them to assess the impact of 36 unique risks on their organisation over the next 12 months and over the next decade. Our survey was conducted in September and October 2023. Respondents rated the impact of each risk on their organisation using a 10-point scale, where 1 reflects “No Impact at All” and 10 reflects “Extensive Impact.” For each of the 36 risks, we computed the average score reported by all respondents and rank-ordered the risks from highest to lowest impact.

Read our Executive Perspectives on Top Risks Survey executive summary and full report below.