There was a moment last autumn when I sat in a boardroom on the edge of the City and listened as a CFO, tapping her pen on a notebook full of red lines, said she found it easier to forecast supply chain costs than to model the next geopolitical shock. It was an odd thing to hear from someone whose job title broadly includes steering risk management, yet it stuck with me because it felt like a quiet marker of this moment in corporate life. UK companies, from the family run maker of bespoke furniture in Nottingham to the multinational headquartered near Canary Wharf, have begun to treat questions of financial resilience not as tick-box regulatory chores but as a defining challenge of the 2020s.
The data bear out that impression. Bank of England figures show that, in the aggregate, British corporates carry less net debt relative to earnings than at any point in recent memory, a legacy of pandemic era caution and modest post-Covid growth. That gives policymakers some reassurance that, at a systemic level, firms are less likely to amplify a shock by collapsing under unsustainable leverage. But aggregate measures mask the unevenness beneath them. Many sectors and individual businesses still face debt burdens that restrict agility just when agility is most needed.
It is striking how often the conversation among UK executives quickly pivots to resilience in terms that have little to do with financial ratios and much to do with the weatherworn art of staying afloat. Whether it is cash-flow planning or maintaining access to credit markets, directors talk about resilience in a tone that traces back to almost a decade of uncertainty: Brexit negotiations, political churn in Westminster, interest rate volatility, and now a geopolitical landscape that seems always one tweet away from change. Marsh McLennan’s annual UK Business Risk Report found that economic and financial challenges were the number one concern for business leaders, beating even cyber threats and people-related risks in perceived severity.
Risk management teams I spoke with this winter express something like unease rather than panic around these challenges. There is respect for the fact that cash reserves and access to finance are sturdier than they might have been, but there is also a sense that the toolkit for resilience is being forced to broaden. Old-school financial metrics are still necessary, but they are no longer sufficient because risk has become more interconnected. Cyber incidents can cause a cash crunch not just a reputational headache. A supplier’s breakdown 2,000 miles away can have ripple effects on production costs in Somerset. And more than one risk officer has remarked to me that cyber risk is increasingly inseparable from financial risk, even though many firms hesitate to treat them that way.
There is a practical side to this shift. KPMG’s survey of UK financial services leaders revealed that over 60 percent planned to increase investment in risk-proofing activities this financial year. What counts as risk-proofing covers a wide span: enhanced scenario planning, upgrading IT infrastructure to resist attacks, bolstering liquidity buffers and even contingency spending on alternative supply routes. Directors talk less about building castles and more about creating nervous systems that can sense and adapt quickly.
And yet, the pressure is real. Almost every risk manager I know admits to a kind of internal tug-of-war between growth aspirations and defensive postures. One general counsel at a tech firm in Cambridge laughed wryly when asked if risk management had become more central over the last two years. He said that if his box of risk registers were ever published as a novel, it would be a tragedy. This sort of grim humour is common in meetings when the word resilience is first raised. But there is admiration, too, for colleagues across industries who have had to reinvent their approaches on the fly.
Operational resilience has transformed from a regulatory buzzword into a strategic imperative. Reports on the risk landscape for 2026 emphasise that firms must demonstrate robust resilience not just on paper but in governance structures, outsourced relationships and everyday business operations. That subtle shift has pushed many companies to rethink how risk flows through every corner of their organisation rather than sitting in some annexed risk function.
I remember a conversation in Manchester with the CEO of a mid-sized manufacturer who spoke about resilience in terms that echoed an older business wisdom. He said his team had learned more about their vulnerabilities during a brief power outage than they had from endless boardroom briefings on financial ratios. I had nodded then, and I nod now, because what is striking in these months of reporting and wandering between firms is how often resilience turns out to be gained in the everyday strain of unexpected events.
Cyber and AI risks present a distinct twist. The latest Allianz risk barometer shows concern about digital disruption outpacing nearly every traditional worry among UK businesses. Even firms that consider themselves conservative financially are fretting about the cost and fallout of a serious cyber incident. This has pushed boards to treat cyber risk as a financial risk because a breach can quickly translate into regulatory penalties, customer loss, and unexpected expenditures.
What emerges from conversations with people across UK plc is a mosaic of cautious optimism mixed with acute awareness of vulnerability. Boards talk about resilience with the same gravity they once reserved for growth strategies. The nuance now lies in striking a balance. Companies cannot simply batten down the hatches forever; they must invest in innovation, talent and markets even while they defend against disorder.
This is the texture of British corporate risk management today: a conversation that is practical but tinged with uncertainty, where leaders borrow from old playbooks and improvise new ones, all while trying to believe that the next shock will be manageable rather than catastrophic. There is a kind of weary admiration for this moment because, after so many cycles of change, resilience feels as much a cultural stance as a financial strategy.
