Skip to content
Back to blog

Risk Perception & Employee Misconduct Gap

5 minute read

Risk Management Compliance Strategy
Last updated: September 18, 2025

Business Continuity ManagementA recent Skillcast survey has highlighted the significant gap between the incidence of misconduct observed by employees at UK firms and the risk perception of decision-makers. 

See our Risk Management Training Package

Key findings

  • Decision-makers perceive far higher misconduct risk than employees report. Managers and senior staff rate threats like data breaches and fraud higher than the incidence witnessed by employees.
  • Employees most commonly witness health and safety plus discrimination and harassment. These issues are the dominant forms of misconduct observed across companies, while financial crimes are reported far less by staff
  • Managers’ higher risk perception may reflect broader visibility and lower tolerance. Decision-makers incorporate limited employee visibility, potential underreporting, and stricter risk tolerance when assessing misconduct exposure.
  • Smaller firms may underestimate some risks due to control confidence or weaker awareness . Decision-makers at small firms often feel more in control and report lower perceived risk, which could indicate gaps in understanding or tolerance of breaches.

From our UK Corporate Compliance Survey in May 2019,  which covered 4,000 employees and decision-makers at UK firms, we observed a significant gap between the incidence of misconduct observed by employees and the risk perception of decision-makers. And notably, this gap widens the larger the size of the company.

Which types of employee misconduct do UK workers most often report witnessing?

In the survey, we asked employees at UK companies if they had witnessed any of the common acts of employee misconduct in the past twelve months. The responses (see Figure 1) revealed that:

  • The vast majority (67%) had not witnessed any act of misconduct in the workplace
  • Health & safety, and discrimination & harassment breaches were by far the most common examples of misconduct witnessed
  • Personal data & IT security breaches and fraud were cited by a tiny minority
  • Instances of money laundering, sanctions, bribery & corruption, competition law/collusion were practically insignificant

Figure1-Observed-Misconduct-All-sm

How do UK decision‑makers rate the risk of employee misconduct compared with employees?

To the decision makers at UK companies, we put the question slightly differently. We asked them what acts of employee misconduct they fear most in their business. The responses (see Figure 2) revealed that:

  • The risk perceptions of decision-makers were a lot higher, but the profile matched the risks being reported by employees
  • 40% of the decision-makers reported not being at risk of employee misconduct in their business - this figure ranged between 15% at larger firms, 26% at medium-sized firms and 65% at small firms
  • As with employees, Health & safety, and discrimination & harassment risks also figured highly with the decision-makers
  • But, unlike employees, the decision makers have an equally high threat perception from personal data & IT security breaches and fraud
  • Decision makers perceive the risk of money laundering, sanctions, bribery & corruption, competition law/collusion to be lower but still very significant

Figure2-Risk-Perception-All-Decision-Makers-sm

How large is the perception gap between observed misconduct and executive risk concerns?

The above findings show that, overall, decision-makers have a far higher risk perception than the incidence of misconduct observed by employees (see Figure 3).

FIgure3-Perception-Vs-Incidence-sm

The incidence of misconduct observed by employees is relatively unchanged irrespective of the company size (see Figure 4).

Figure4-Observed-Misconduct-By-Size-sm

However, the risk perception of the decision-makers is vastly different, with those at large firms significantly more worried about employee misconduct than those at smaller firms.

Figure5-Risk-Perception-By-Size-sm

Consequently, the difference between the incidence observed by employees and the risk perception of the decision-makers is far wider at large and medium-sized firms.

Figure6-Risk-Perception-Vs-Observed-Misconduct-Small-sm

Figure7-Risk-Perception-Vs-Observed-Misconduct-Medium-sm

Figure8-Risk-Perception-Vs-Observed-Misconduct-Large-sm

Why is the gap between observation and perceptions of misconduct greater at larger companies?

This discrepancy between small, medium and large firms above is significant and based on the results of polling over 2,000 employees and 2,000 decision-makers. Making sense of it, though, is open to conjecture. A multitude of factors could be at play. We propose two premises below and invite you to add others based on your own experience.

  1. Decision makers at smaller firms feel more in control of the actions of their employees, and hence their risk perception is closer to the observation of misconduct reported by employees. At larger firms, decision-makers feel less in control and hence have a heightened perception of risk.
  2. The observation of misconduct reported by employees will inherently underestimate the actual incidence of misconduct due to employees' limited access to information and misunderstanding of what constitutes misconduct. Consequently, the risk perceptions of the decision makers should be expected to be higher to match the actual incidence and to factor in lower tolerance of misconduct. The fact that decision makers at smaller companies have lower risk perception may be because of poor understanding or higher tolerance of breaches than the decision makers at larger companies.

Risk Perception & Employee Misconduct Gap FAQs

How can firms benchmark their misconduct perception gap against industry peers?

Use anonymised external surveys, purchased industry benchmarking reports and cross‑sector indices, then normalise by firm size and function to produce comparable perception‑gap scores for board reporting.

How should firms structure whistleblower protections to increase reporting rates?

Provide multiple safe reporting channels, guaranteed anonymity options, anti‑retaliation policies, rapid acknowledgement timelines and visible follow‑up actions to demonstrate protection in practice.

How can actuarial or risk teams quantify the financial impact of perception gaps?

Model potential loss scenarios combining incident frequency uplift from under‑reporting, estimate detection delays and apply cost metrics for remediation, fines and reputational loss to produce a quantified exposure range.

Want to learn more about risk management?

Our Risk Management Training Package contains e-learning content designed to help organisations meet fundamental compliance requirements. Courses in the libraries include:

We also have additional free resources such as e-learning modules, microlearning modules, and more.

If you've any questions or concerns about compliance or e-learning, please get in touch.

Related articles

remote-worker-monitoring-yougov-survey-|-skillcast
Compliance Strategy

Remote-worker Monitoring YouGov Survey | Skillcast

5 minute read

Our most recent YouGov survey makes some stark reading. Over half of the British workforce would refuse to work for an employer that used remote monitoring

Read the article
remote-working-compliance-insights-|-skillcast
Compliance Strategy

Remote-working Compliance Insights | Skillcast

10 minute read

Discover the key results of our Remote-working Compliance Survey conducted by YouGov assessing decision-maker issues, attitudes and perceptions in the UK.

Read the article
best-practices-for-compliance-surveys-|-skillcast
Product News & Events Compliance Strategy

Best Practices for Compliance Surveys | Skillcast

5 minute read

Compliance surveys are a great way to understand employee attitudes, beliefs and behaviours relating to key topics. But how and what should you survey? 

Read the article