Most boards would not knowingly ignore their best source of early risk intelligence, but that is exactly what is happening. While geopolitical instability, supply chain exposure and regulatory changes feature prominently in board-level conversations, there remains an extremely consequential oversight: the treatment of people raising concerns about a company’s operations and supply chain.

New research published this week by the Business and Human Rights Centre reveals nearly 800 attacks in 2025 against people who spoke out about business-related risks and harms. This is the highest number we have tracked since 2020, amounting to an average of more than two attacks per day, across 80 countries and connected with almost every business sector.

People who spoke out faced widespread and systemic attacks, ranging from judicial harassment to lethal violence. The figures relating to this are stark: 53 people were killed for raising concerns about business-related risks and harms, while Indigenous Peoples experienced 30% of attacks, despite making up just 6% of the global population.

Judicial harassment accounted for more than half of all attacks, including arrests, detentions and strategic lawsuits (SLAPPs), an abuse of legal systems designed to drain defendants of resources, silence dissent, and create a chilling effect on freedom of speech.

This should concern every board. These attacks are an indicator and a consequence of poor governance and ineffective risk management—and they are also bad for business.

Defenders are your early warning system

There is a business case here and it is not complicated. When human rights defenders (community leaders, environmental activists, journalists, trade unionists) speak out about risks and harms related to business activities—and potential harms before they have been caused—they are your early warning systems. They help identify risks before they become crises, expose harms before they turn into litigation, and challenge injustices before they become entrenched. These voices provide your business with vital information, without which your companies are likely to remain unaware of risks embedded within your supply chains.

When companies fail to consult meaningfully with affected communities, or when people raising concerns are met with intimidation, criminalisation or physical violence, the company loses access to that information. It proceeds without a full picture of the risks associated with its operations, value chains and business relationships.

What follows is predictable: escalating conflict, protest, regulatory scrutiny, reputational damage and financial loss—all of which could have been avoided. Fast-tracking business projects without genuine stakeholder engagement is one of the primary drivers of project delays, cost overruns and licence-to-operate crises that boards find themselves managing after the fact.

What should boards be asking?

The question for boards is not whether their company is directly perpetrating these attacks. In most cases it is not: our data shows that 86% of identified perpetrators are state actors (police, judicial systems, local authorities). The question is whether your company’s conduct is contributing to the conditions in which these attacks occur.

Companies can be connected to these attacks by activities such as urging authorities to disperse peaceful protests, amplifying misinformation that leads to criminalisation, or increasing pressure in contexts of already existing conflict.

Before signing off on a project, you should be asking whether your company has consulted meaningfully with affected communities before proceeding with projects that affect their land, water and livelihoods. And where disputes do occur, you should be ensuring the company is not taking any legal action designed to intimidate people raising concerns.

There is a simpler question still: does the company have a public policy commitment, approved at board level, to zero tolerance for attacks on defenders? If they do, does the policy meet three basic criteria for an adequate policy: 1) committing to not tolerate or contribute to attacks on defenders; 2) expecting business partners to commit to the same; and 3) committing to work with defenders to create enabling environments for civic engagement and human rights. This is a gap that is both a governance failure and a material risk.

The business case for open civic space

Beyond the stark data about the scale of attacks, our research also highlights a deeper structural shift: governments exploiting national security rhetoric to violate rights, and digital technologies that are driving the erosion of civic space worldwide.

Boards may be tempted to see this as solely a reputational issue to be managed, but that would be a mistake. Contexts where people can raise concerns and innovative solutions, where the press can report freely and where communities can organise around issues of shared concern, are more stable and predictable operating environments for business.

The erosion of those freedoms doesn’t only harm activists, it also harms companies and investors who depend on reliable information, functioning institutions and a social licence to operate. Protecting people speaking out about corporate harm is a human rights imperative, but it is also crucial for responsible business and long-term social and economic stability.

A world in which civic freedoms are restricted and democracy is weakened is a more dangerous world for everyone, including business.

If companies truly want to prevent attacks against people voicing concerns about business practices, the answer is straightforward: engage in genuine consultation with communities affected by your operations or potential operations, conduct human rights and environmental due diligence that goes beyond box-ticking (as part of the corporate responsibility to respect human rights), and adopt a zero tolerance approach to the conditions that put these people at risk, both in policy and practice.

The data published this week makes clear that many companies are falling short of this basic standard. The question for boards is whether they are paying attention.

Christen Dobson is co-head of the Civic Freedoms & Human Rights Defenders Programme at the Business and Human Rights Centre