Your crisis management plan: are you prepared for these business threats?

Summary

This article draws on survey data from more than 5,900 workers across North America, the UK and Ireland, and the Nordics to examine the biggest perceived threats to business operations in 2026 – and how well workers understand their employer’s crisis management plan.

Key findings include:

• Cyberattacks and data breaches are the top perceived business risk globally
• Roughly one in five workers in North America are entirely unaware of their organisation’s crisis management plan
• A significant awareness gap exists between managers and frontline workers in every region surveyed. Managers consistently report a much higher understanding of their company’s crisis management process
• Industry matters: construction workers are most concerned about serious workplace injuries, while utilities workers rank cyberattacks as their primary risk

Introduction

What do you consider to be the greatest threat to your workplace operations? The answer will change depending on your industry, but does your role within the company affect this perception as well? What about location?

As part of our 2026 Workplace Safety Report, we asked more than 5,900 employees about their understanding of crisis management in their workplace. Responses came from North America, the UK and Ireland, and the Nordics, across a variety of industries and roles.

The results were illuminating. Cyber-attacks or data breaches topped the list as the most significant threat to business operations globally. However, a strong regional (and national) component to the results can’t be ignored.

This blog will explore the results in full. We will also look at the level of understanding workers have (or don’t have) of their employer’s crisis management process.

Table of contents

Click on a specific section below to navigate to that area:

• Firstly, what is a crisis management plan?
• The top business risk in 2026: Cyberattacks and data breaches
• How well do workers understand their crisis management plan?
• What does your crisis management plan look like?

Firstly, what is a crisis management plan?

A crisis management plan is a thoroughly documented framework that sets out how an organisation will respond to a range of emergency scenarios. It typically defines roles and responsibilities, communication protocols, decision-making authority, and escalation procedures.

 You can find a crisis management plan checklist in our health and safety compliance toolkit.

The top business risk in 2026: Cyberattacks and data breaches

A Globally, cyberattacks and data breaches are considered to be the most significant threats to business operations by workers. According to IBM, the global average cost of a data breach reached $4.88 million in 2024.

The top 3 perceived threats on a global scale are:

• 1. Cyberattack or data breach
• 2. Pandemic or infectious disease outbreak
• 3. Serious workplace injury or medical emergency

Let’s take a closer look at these results on a regional and national level:

Top UK and Ireland business risks

Among UK and Ireland workers, a cyberattack or data breach ranked as the greatest threat at 42%. Looking at the individual rankings gives us a better idea of country-specific risk: 

UK

• Cyberattack or data breach – 40% 
• Serious workplace injury or medical emergency – 27% 
• Fire or evacuation-related incidents – 23% 

Ireland

• Cyberattack or data breach – 50% 
• Pandemic or infectious disease outbreak – 30% 
• Serious workplace injury or medical emergency – 26% 

Why would cyberattacks rank so high? There have been several high-profile cyberattacks and data breaches in the UK and Ireland in the recent years. 

A UK government survey in 2025 found that approximately 612,000 UK businesses and 61,000 UK charities had been subject to a cyber security breach or attack in the preceding 12 months. 

In Ireland, it was reported in 2025 that nearly 90% of businesses ‘had suffered some form of financial loss and commercial disruption as a result of a cyberattack’. 

We noted that Irish workers ranked severe weather or natural disaster events notably higher than the UK, at 24% vs. 16%. 

Interestingly, our demographic data suggests that concern about cyberattacks or data breaches was more pronounced among UK and Ireland respondents who identified as managers (47%) vs. those who identified as workers (35%). Both groups were concerned about serious workplace injuries or medical emergencies at the same rate (27%). Managers were also more concerned about supply chain or logistics disruptions (24%) than workers were (16%).

Top USA and Canada business risks

For workers in the USA and Canada, serious workplace injury or medical emergency holds the top position as the greatest perceived business risk. The national breakdown is as follows:

USA

• Severe weather or natural disaster– 28% 
• Serious workplace injury or medical emergency – 27% 
• Physical security treat or unauthorised access – 25% (tied)
• Pandemic or infectious disease outbreak – 25% (tied)

Canada

• Cyberattack or data breach – 31% 
• Serious workplace injury or medical emergency – 27% 
• Fire or evacuation-related incidents – 24% (tied)
• Physical security treat or unauthorised access – 24% (tied)

In Canada, cyberattack or data breach is the standout concern at 31%, the highest score of any risk categories in Canada and above the North American average of 26% for that category. The Canadian Centre for Cyber Security identifies ransomware as the top threat to critical infrastructure, with incidents growing an average of 26% year-over-year since 2021.

Recent examples include the 2023 LockBit attack on Toronto’s Hospital for Sick Children, a 2024 attack on London Drugs that disrupted pharmacy operations across western Canada, and a March 2025 ransomware attack on Nova Scotia Power that exposed the personal and financial data of nearly 280,000 customers.

In the USA, severe weather ranks most prominently among concerns at 28%, compared to just 23% in Canada. According to the US National Oceanic and Atmospheric Administration, 2024 brought 27 separate billion-dollar weather and climate disaster events across the country, with a combined economic toll estimated between $479 billion and $532 billion. The January 2025 Los Angeles wildfires alone caused an estimated $61 billion in damages and forced over 200,000 evacuations.

Our demographic data suggests that concern about cyberattacks or data breaches was more pronounced among USA and Canada respondents who identified as managers (31%) vs. those who identified as workers (21%). Both groups expressed concern about the other top 5 perceived risks at more or less the same rate.

Top Nordic business risks

Workers in the Nordic countries ranked cyberattack or data breach as the top perceived threat, with an overall average of 31%. The top threat on an individual country basis are as follows:

According to the International Labour Organisation, Norway recorded 1.1 fatal workplace accidents per 100,000 workers in 2022, placing it among the lowest in the world.  

Statistics Norway records an accident rate of 6.7 per 1000 employees in 2024 across all industries, with 25 fatalities in that year. Agriculture, forestry and fishing were identified as having the highest injury rate among the listed sectors (12.7), followed closely by transportation and storage (12.5). 

As one of the most digital counties in the world, it’s perhaps not surprising that cyberattack or data breach ranked as the highest perceived threat in Denmark. Danish companies and state-bodies have been subject to several high-profile security breaches in recent years, including the cyberattack on wind turbine maker Vestas is 2021 and data breach that hit the National Bank of Denmark in 2020.

While more Nordic respondents who identified as managers expressed concern about a cyberattack or data breach (34%) vs. workers (30%), we noted this difference was not as pronounced as in the other regions surveyed. A wider discrepancy was seen in workers fears about pandemics or infectious disease outbreaks (34%) vs. managers (24%).

Top business risks – industry focus

We took a special focus on 3 industries in our survey; manufacturing (14% of total respondents), construction (10% of total respondents) and utilities (approximately 4% of total respondents). The top 3 perceived threats in each industry were:

These may not come as much of a surprise to readers. As we have seen, utilities companies have found themselves targeted during cyberattacks and data breaches. Workers in manufacturing are naturally going to be focused on supply chain or logistics concerns. That serious workplace injury or medical emergency ranks so highly for all industries (particularly construction) indicates a potential gap in employers’ perception of the risks faced by their workers.

How well do workers understand their crisis management plan?

When asked if they were aware if their company had a defined crisis management process or framework, over half of workers surveyed said they had some level of understanding of it. This knowledge of their employer’s crisis management plan varies by region.

Crisis preparedness in the UK and Ireland

When asked whether their employer has a defined crisis management plan, 30% of workers in the UK and Ireland said that they understood it well.

There are some differences at the country level. 59% of UK workers say they understand the plan well or understand the basics. This drops to 51% of workers in Ireland.

A stark 36% of workers in Ireland report that they aren’t aware of a plan in their workplace or are unsure. This compares to 31% of workers in the UK.

According to our demographic data, managers reported a much higher level of knowledge of their company’s crisis management process (‘Yes, and I understand it well = 40%) vs. workers (‘Yes, and I understand it well = 18%).

Crisis preparedness in the USA and Canada

Across North America, 37% of workers say they understand their company’s crisis management plan well, 25% know the basics, and 8% know a plan exists but are unfamiliar with its contents.

The country split is significant: 41% of USA workers say they understand the plan well, compared to only 29% in Canada. More concerningly, 20% of USA workers and 23% of Canadian workers say they are not aware of any crisis plan at all.

Overall, across North America, 21% of workers are unaware of a crisis plan. This means roughly one in five workers may walk into a crisis scenario with no understanding of what their organizsation expects of them. This is a significant risk exposure, particularly in sectors with high physical or environmental hazard profiles.

Managers again reported a much higher level of knowledge of their company’s crisis management process (‘Yes, and I understand it well = 48%) vs. workers (‘Yes, and I understand it well = 25%).

Crisis preparedness in the Nordics

An average of 60% of Nordic respondents had some level of understanding of their workplaces’ crisis management process (combining ‘yes and I understand it well’ = 29% and ‘yes, but I only know the basics’ = 31%).

Sweden had the highest level of respondents answering that they understood the plan well at 32%.

Denmark had the highest number of respondents saying that they were not aware of any plan (20%). 

Consistent with the other regions surveyed, managers again reported a much higher level of knowledge of their company’s crisis management process (‘Yes, and I understand it well = 40%) vs. workers (‘Yes, and I understand it well = 23%).

What does your crisis management plan look like?

The building blocks of a crisis management plan are quite universal:

• Detailed risk analysis
• Legal requirements
• Activation/ escalation mechanism
• Crisis management team roster
• Contact information
• Crisis communication plan (internal and external)
• Resources, such as accessible templates for status meetings etc.

What isn’t universal is the exact nature of risks or crises that may affect your organisation.

There is a wealth of information here for proactive safety managers to take advantage of. Are you aware of what your employees consider to be the biggest risk your business faces? If there is a large disconnect between what management believe to be the no. 1 threat vs. what the employees understand it to be, this could have extremely negative connotations for your crisis management plan and risk assessments.

In addition to this, if management are the only ones who know about the plan and understand it, how can you expect people to behave in the way you expect in a crisis?

There are more insights contained in the full 2026 Workplace Safety Report. Ready to see it all? Visit the link below: