Changing laws and regulations have become the biggest business risks affected by global policy changes, according to a UK and Europe-wide poll of more than 900 chief internal auditors.

The research shows that 64% of respondents say shifts in law and regulation are their biggest risk factor.

Cybersecurity and data security, following a number of headline-making breaches, comes in second with 50%.

Anne Kiem, chief executive of the Chartered Institute of Internal Auditors (CIIA), says the research reveals that global policy changes are having a “direct and growing” impact on the risks managed by businesses internationally.

“We urge business leaders to work closely with their internal audit teams to gain assurance that internal control and risk management frameworks are agile, responsive and robust in this fast-changing environment.”

States around Europe have made a slew of changes in response to ongoing geopolitical uncertainty, as well as the trade conflict driven by policy shifts from US president Donald Trump.

Cybercrime increases

Along with international conflict has also come an increase in cybercrime activity.

The third largest risk (46%) faced by business is “market changes”, including changing consumer behaviour and competition, with new technology and AI also on 46%. Climate change, biodiversity and environmental sustainability come in fifth at 43% as Europe undergoes a summer of heatwaves, bringing record temperatures and devastating wildfires.

While regulation may be uppermost in the minds of internal auditors, elsewhere it is a growing concern. A survey by the Chartered Governance Institute UK & Ireland found that most governance professionals believe the UK is overburdened by regulation.

In its risk survey for the first half of this year, the Bank of England found that confidence remains in the financial system but the “perceived risk” of a “high impact event” affecting the UK has risen.

But in tune with the CIIA, the Bank of England says geopolitical risk and cyber-attack “remain the most frequently cited risks” among those polled.

“Geopolitical risk continues to be considered by a majority of respondents as the most likely risk to materialise,” the bank says.

The CIIA has warned business about cyber risk previously. In an article for Board Agenda, senior staffers Gavin Hayes and Mo Warsame write that UK businesses are “simply not prepared as they should be for the scale or sophistication of today’s digital threats”.