Add a bookmark to get started

9 February 202441 minute read

Updating risk factors in 2024: Considerations and trends from early filers

As registrants prepare their Annual Report on Form 10-K for fiscal year 2023, it is important to consider recent economic, social, and political developments. Material risks to registrants may include, among others, risks related to increasing cybersecurity threats, climate change, unpredictability surrounding artificial intelligence, the economy, political instability, and conflicts. These risks should not be considered in a vacuum, as they are developments that may impact a registrant’s discussion of its business and its Management’s Discussion and Analysis of Financial Condition and Results of Operations (MD&A).

In this alert, DLA Piper’s Public Company Advisory group discusses certain risk factors for companies to consider including in their 2023 Annual Reports on Form 10-K and trends from Russell 3000 companies that have filed a Form 10-K from August 1, 2023 to January 31, 2024 (“Early Filers” and our study of these risk factors, the “Early Filers Analysis”). 

1. Cybersecurity

On July 26, 2023, the Securities and Exchange Commission (SEC) issued a final rule requiring enhanced cybersecurity-related disclosure. In addition to these increased disclosure requirements, registrants may consider updating their cybersecurity-related risk factors to reference, for example, specific cybersecurity incidents or risks related to supply chain or third-party attacks.  

Additional guidance on updating risk factors related to cybersecurity in Form 10-K, as well as guidance on the final rules on cybersecurity and risk governance pertaining to Form 10-K, may be found in this DLA Piper alert.

2. Climate-related disclosures

In 2023, the world experienced a significant number of extreme weather events, such as unusually warm temperatures, wildfires in Canada that spread smoke across the central and eastern United States and other parts of the world, a tragic wildfire in Maui, a devastating hurricane on the west coast of Florida, a tropical storm in Southern California, numerous tornadoes across the American Midwest, and other extreme weather events. Some companies may have experienced disruptions from these events.  

Any future increase in the severity and number of those extreme weather events may pose a material risk to those registrants whose business operations are subject to major disruptions or damage arising from climate extremes. Consequently, registrants may consider preparing a climate-change risk analysis to reflect: (1) physical risks arising from climate change and extreme weather, including flooding, drought, wildfires, smoke and wind damage; (2) financial risks from climate change, including interruption of supply chain, costs of repair and restoration to damaged facilities, and costs of retrofitting existing facilities to comply with new standards of green technology; and (3) regulatory risks that federal and state governments will impose strict limitations on GHG generated by manufacturing and other commercial activities.

Our Early Filers Analysis found that 73 percent of Early Filers included a climate or ESG-related risk factor in their most recent Form 10-K. Additionally, we found:

  • 48 percent of Early Filers discussed ESG within the context of a climate-related risk factor

  • 40 percent of Early Filers included an ESG-related risk factor separate from a climate-related risk factor

  • A small minority of Early Filers mentioned risks related to compliance with specific climate-related regulations:

    • The SEC’s March 2022 proposed climate disclosure rule: 10 percent

    • The EU Corporate Sustainability Reporting Directive (CSRD): 4 percent

    • The EU’s pending Corporate Sustainability Due Diligence Directive (CS3D): Less than 1 percent

    • California climate legislation: Less than 2 percent

Some of the most common risks discussed these risk factors include the following:

Type of risk

Percentage of Early Filers discussing risk

Compliance with climate/ESG regulations (including increased costs)


Risk of material adverse effect on profitability or results of operations resulting from climate-related risks


Risk of extreme weather events (drought, wildfire, thunderstorms, snow, earthquakes, floods, hurricanes, "natural disasters”), within the context of a climate-related risk factor


Reputational harm among stakeholders


Disruptions to manufacturing operations (such as project cancellation)


Disruptions of supply chains with limited availability of materials


Adverse effect on product demand


Damage to facilities


Water resources (availability, scarcity)


Inadequate insurance coverage


Increased energy usage or increased product costs


Risk of climate or ESG-related lawsuits


Inability to respond to regulations to minimize emissions with ESG goals


Net zero commitment


References “corporate social responsibility” or “corporate responsibility” within the context of a climate-related risk factor


Forests or deforestation


Inability to compete with companies not subject to regulations


Land degradation or desertification




Need for technologies that do not currently exist to meet net zero commitments or other climate goals


* = Less than 2%

3. Artificial intelligence

On October 30, 2023, President Joe Biden issued an Executive Order establishing new standards for Artificial Intelligence (AI) to be implemented by federal agencies for the purpose of realizing AI’s benefits while mitigating its substantial risks. In addition to issues of public policy arising from AI use, private companies may use AI for business operations such as accounting, programming, coding, and chatbots and, if their AI systems suffer a cyberattack or are operated improperly, incompetently, or otherwise in violation of privacy laws, such companies could sustain massive damage to their infrastructure, reputation, financial condition, and business operations, especially in the case of online businesses and e-commerce websites. In addition, given the level of investor excitement about the possibilities of AI, it is important to provide appropriate, balanced disclosure about the company’s use of AI.  Registrants should be aware that their use of AI will likely be a focus of the SEC and investors in this annual reporting season and that accurate and complete disclosure of the company’s use of AI and AI-related risks will be necessary. 

Our Early Filers Analysis found that 84 percent of Early Filers included AI-related risk factors. However, more than 70 percent of these were “non-substantive” risk factors – in other words, they included a passing reference to artificial intelligence without a discussion of specific risks related to AI (such as a statement that the company must keep up with new technologies, such as artificial intelligence, among other emerging technologies).  Some of the most common risks related to AI discussed in AI-related risk factors include the following:

Type of risk

Percentage of Early Filers Discussing Risk

Ability to keep up with new or existing market competitions, AI developments, or technological change


Increased regulation and investigation, enforcement and litigation


AI-related security or data breach


Reputational harm


Social and ethical issues


Deficiencies and inaccuracies in AI output and reliability


Dependence on and flaws in algorithms and datasets; lack of back-testing


Business risk due to replacement


Unintentional bias and discrimination; fairness


4. COVID-19

Although no longer commanding front-page headlines, COVID-19 still exists, and infections may rise again as the seasons evolve. The virus also may appear alongside seasonal flu and respiratory illnesses such as syncytial virus, or RSV. Such disruptions could increase the risk of volatility in financial markets, and lead to disruptions to work, layoffs, school shutdowns, and limited shopping at brick-and-mortar stores, together with an increased strain on medical facilities and substantial costs for implementation of preventative measures. 

On the other hand, during the height of the pandemic, most companies drastically increased the prominence and level of detail in disclosure about COVID-19, in light of the many ways it was then impacting or could impact the company.  Some of these impacts likely have changed.  

Registrants should consider if the level of COVID-19 impacts described in historical disclosure remains accurate and complete.  This may include whether an increase in COVID-19 cases, or the appearance of other new pandemics, would have a material adverse impact on business, financial condition, and results of operations by increasing the risk of supply shortages, store closures, decline in retail spending, factory closings, reduction in operating hours, and labor shortages.  Of course, if such developments may result in favorable dynamics for a company, then the company should carefully describe the risk that such developments may in the future change in unfavorable ways. Our Early Filers Analysis found that 88 percent of Early Filers included a COVID-19-related risk factor. Among the most common risks discussed are the following:

Type of risk

Percentage of Early Filers discussing risk

Financial impact on cash flow, liquidity, stock price, or results of operations


Unpredictable impacts with inability to predict future performance


Supply chain issues and disruptions


Impact on consumer demand


Government or regulatory response of restrictions to contain spread


Increased or heightening of other risk factors


Shutdowns of facilities


Impact on global capital markets and cost of borrowing


Reductions in labor workforce


Operational risk with remote work (such as cybersecurity or productivity)


5. Inflation and interest rates

Continuing inflation and rising interest rates have had a major adverse impact on numerous sectors of the United States economy, including retail sales, commercial real estate, grocery prices, wage rates, gasoline costs, credit card debt, and other every-day expenses. For example, in commercial real estate, many building owners face the need to obtain refinancing of low interest rate loans obtained during the COVID-19 pandemic but may not be able to find refinancing at all, or only at substantially higher interest rates, thereby creating a substantial risk of foreclosure or bankruptcy. 

In the retail sector, as customers have less disposable income because of inflation, sales volume may have decreased, causing manufacturers and retailers suffer. Also, both union and non-union workers have won recent gains in wages and benefits that may impact margins and will likely find their way into higher prices for goods and services. 

Registrants may consider whether their risk factors cover risks related to the macroeconomic conditions, any slowing of the American economy, a possible recession and its potential material adverse effects on business operations, and financial conditions specific to the company arising from such economic factors.  

6. Congressional and political instability in the United States 

On January 18, 2024, the United States Congress passed a Continuing Resolution to extend current federal appropriations until March 2024, the third such extension since the beginning of the government’s 2024 fiscal year on October 1, 2023. This instability may have a material adverse effect on registrants that are dependent on Congress passing annual appropriation legislation to fund new and ongoing federal programs, that otherwise have business operations that may be adversely impacted by a federal government shutdown, and that hold material amounts of federal government securities that may face risk of a default or lower credit rating. Periodic threats of a government shutdown, combined with the failure of the Congress to pass major or lasting funding bills, may create meaningful uncertainty in many sectors.  

Additionally, the 2024 Presidential election cycle creates uncertainty as to the direction of regulations impacting registrants in the coming years. Registrants likely to be affected by a federal government fiscal crisis, including a potential default or shutdown, or by a change of administration should consider reviewing their risk factors to ensure these risks are adequately covered.

7. Wars and global tensions

Calendar year 2023 was marked by a level of wars and violence across the globe that has exceeded recent periods. The war between Ukraine and Russia continues with no sign of a cessation of hostilities. Israel is at war with Hamas after the horrific massacre of civilians on October 7, 2023. Iranian proxies have frequently attacked United States military bases in Iraq and Syria, which has been met with a US military response. China has indicated its desire to take over Taiwan by military measures, if necessary, as well publicized confrontations have occurred in the South China Sea involving multiple jurisdictions. Tensions have also substantially increased on the Korean Peninsula after North and South Korea suspended an inter-Korean agreement intended to reduce the conflict along their shared border, further heightened by North Korea’s recent launch of a spy satellite. 

The SEC’s Division of Corporation Finance has not yet issued disclosure guidance focusing on the Israel-Hamas war or other recent conflicts. However, in 2022, the SEC released a sample comment letter covering a registrant’s Russia/Ukraine-related risks and other disclosure obligations. The sample comment letter can be used as guidance for disclosures by registrants having (1) direct or indirect exposure to those parties and conflicts and the possible impact on their operations, customers, employees, investments, and securities; (2) direct or indirect reliance on goods or services sourced in the areas and parties affected by these conflicts; (3) actual or potential disruptions in the registrant’s supply chain; and/or (4) business relationships with (including with people sanctioned by the United States and other foreign governments), connections to, or assets located within war zones or areas at risk for hostilities. 

8. China’s economy

China’s economy is facing a variety of challenges, such as a housing bubble, massive local governmental debts, slumping consumer confidence, and deflation. It is also experiencing a recent weakening in its manufacturing, services, and construction sectors. In China, developers have produced millions of unfinished but presold housing units; those developers are in financial distress and lack the financial ability to complete construction. The Chinese central government has earmarked approximately $48 billion in funding to assist underfunded developers to finish these presold projects. China is also currently suffering from deflation, with falling producer prices and declining sales growth. Adding to economic uncertainty are political tensions between China and the United States, particularly over the fate of Taiwan and potentially Hong Kong. Registrants having direct or indirect exposure to China through their operations, investments, manufacturing, and sales activities may consider such exposure and the impact such economic conditions, and determine if such risks are adequately addressed in their risk factors. 

Hypotheticals and final thoughts

As we have noted in prior client alerts, when updating risk factors, registrants should review hypothetical and forward-looking language closely and consider if the “hypothetical” risk has been realized and is no longer a potential risk or contingency, such as language that cyberattacks “may” occur when the company has experienced, or regularly experiences, cyberattacks.  The SEC has pursued enforcement actions against companies that included hypothetical risk factor language when an event had actually occurred and was no longer hypothetical, arguing that this language was misleading to investors. 

In addition to scrutinizing hypothetical risk factors and the risks discussed above, registrants should consider and account for other risks relevant to industry specific issues. In particular, registrants should consider whether recent regulatory developments and legislation, or proposed legislation, presents new material risks to the business.  When reviewing these topics, registrants should ensure that disclosures are tailored to the registrant’s circumstances and address the registrant’s specific material risks.

If a company has analyzed an important risk or a risk bearing on a topic of SEC scrutiny (such as risks associated with climate change and climate transition) and determined that the risk is not material to the business, disclosure teams should consider documenting the company’s materiality analysis, as the SEC has pushed issuers on materiality in recent comment letters. 

By considering these key issues, registrants can better inform investors and protect themselves from regulatory scrutiny.

Return to our full set of alerts on key considerations for the fiscal year 2023 annual reporting season. For more information on the final rules or how registrants can prepare for compliance, please contact any of the authors of this article or your DLA Piper relationship attorney.