Approaching midyear, business leaders are bullish on growth and the opportunities ahead. Some 87 percent of US CEOs are highly confident in the growth prospects of the US economy, 78 percent are highly confident in the growth of their company, and most expect to increase headcount over the next year.[1] At the same time, the macro forces of generative artificial intelligence (GenAI), climate change, a multipolar geopolitical landscape, and the erosion of trust and healthy public discourse are sobering the outlook and prompting deeper boardroom conversations about risk and strategy, talent, and what the future will look like for the company, corporate America, and the country.

The following observations and insights—based on our ongoing work with directors and recent conversations with business leaders and luminaries at the 2024 KPMG Board Leadership Conference[2] —may be helpful as boards calibrate their agendas for the second half of 2024.

Globalization’s pendulum swing

The continuing pull-back on supply chains is likely just one indicator of a broader pendulum swing that’s reshaping the full-throttle globalization of recent decades. Shifting from the “cheaper-faster” strategies enabled by highly complex, decentralized supply chains to greater or even hyperlocalization and control of a company’s networks—suppliers, services, data/information—is clearly about resilience of the company. But concerns about the resilience of national economies—and of the global business arena at large—are also driving the momentum toward more centralized and local supply chains.

National industrial and security policies and “country-first” models are taking center stage, and de-risking and friend-shoring (particularly in strategic sectors like chip technology and critical minerals) are hedges against geopolitical shocks and exposure to arbitrary local rules. The recognition that the long run of growth driven by cheap capital, labor, and energy is giving way to the realities of a more challenging—and costlier—future is prompting conversations about the resilience of the global economic system.

As this globalization reset unfolds, companies will face pressing questions. Is the company prepared to operate in a higher-cost (of capital, green tech/energy, labor) environment? What is the right balance between operating efficiently, maximizing growth, and ensuring resilience? For corporate America more broadly: How will companies use their agency and creativity to help create value not only through consumer-driven growth, but to help build America’s economic and industrial assets and capabilities—including a healthy, educated workforce—to stay competitive in an increasingly multipolar world?

GenAI’s trajectory

“Go faster, but slow down” is a prevailing tension with GenAI adoption, perhaps second only to distinguishing the hype from the reality. It is quickly becoming clear that GenAI will transform the way we work, with substantial near-term gains in efficiency (as one speaker noted, productivity is one of the killer apps of GenAI). Longer term, the second—and third—order effects may produce a seismic shift in societal structures and change political and economic participation, with macro implications for business and society more generally.

While the trajectory of GenAI deployment is still uncertain, for many companies, 2024 will be the year they move from experimentation to larger-scale rollouts; 2025 may be the year of significant measurable results in workforce productivity; and in 2026, we may start to see some breakaway winners and losers, with significant business model implications and competitive fallout. (For more on where directors see GenAI heading at their companies, see our pulse survey.)

The companies that will excel in using GenAI technology at scale understand that it’s also a leadership journey. Fundamentally changing what people do every day and how they work will require leadership, as well as skills and know-how to assess the company’s processes and workflows and to decide where to insert GenAI to improve productivity. Successful adoption will also require the refinement of risk management frameworks to mitigate critical risks related to inaccurate data and results, bias and hallucinations, intellectual property, cybersecurity, data privacy and compliance, reputation, and talent.

Starting with an inventory of where GenAI is used, boardroom conversations are focusing on the reason(s) GenAI is being used, who has algorithmic accountability, whose data the algorithms are being trained on, how the company is monitoring for data bias, and how third- and fourth-party risks are being managed.

Three broader issues also loom for society: the use of GenAI tools to create mis–, dis–, and mal–information (MDM), which can critically undermine trust in institutions and the rational contest of ideas; the increasing energy needs of GenAI—for computing and cooling systems—which adds a layer of complexity to the fight against climate change; and workforce-related issues such as upskilling, reskilling, and downsizing.

Soft landing or no landing?

A stunningly resilient economy over the past year has buoyed the outlook for continued growth in the year ahead, though potential shocks and big question marks are tempering optimism: fragile supply chains—the massive cargo ship impact causing the collapse of the Francis Scott Key Bridge in Baltimore, Maryland, being a recent tragic example; escalating tensions in the Middle East; the outcome of the US elections and future outlook on US debt (and the US dollar); simmering inflation; record levels of corporate cash on the sidelines and the implications of 2018-vintage debt coming due; the startling emergence GenAI and discerning hype from reality in the search for productivity gains.

Markets still dislike uncertainty, but investors are perhaps becoming more accustomed to it, with expectations that companies lean into more rigorous scenario planning. Interpreting signs from the Fed—soft landing? No landing? Cutting rates to stimulate or to dial back restrictions?—is still part of the calculus, but determining where a company will place its biggest bets for the months ahead will increasingly depend on having a clear-eyed view of where the global political economy is headed. (See the latest economic analysis from KPMG Economics.)

The business of climate: A bumpy ride ahead

One of the defining characteristics of the next few years will be the messy and deeply contested transition away from fossil fuels. As we note in Climate in context: Geopolitics, business, and the board, a KPMG/ Eurasia Group paper, 2024 may be the coolest year of the rest of our lives. The urgency of climate risk continues to escalate as tangible impacts are felt in markets around the world, from drought hampering shipping through the Panama Canal to failing water supplies, wildfires and other extreme weather events, growing food scarcity, and migration crises.

Three factors are likely to determine whether/when the moment of disruption has arrived: the availability of viable alternatives, incentives to implement them, and readiness of the marketplace to adapt and accommodate them.

For much of the private sector, this tipping point and the transformational opportunities are already in view. Focused on growth potential and longer-term value creation—and pressed by investors and regulators— corporate capital is quickly emerging as a primary engine in the energy transition, with investments, knowhow, and innovation. Although the end point—a low/post-carbon economy—may be clear, expect a bumpy ride. Geopolitical contention, fragmented regulatory regimes and disclosure frameworks, technological innovations (and lagging infrastructure), and trade-offs between near- and longer-term performance are making energy transition an epic undertaking. Astute boards are deepening their climate conversations.

Workforce (in)security

The complexity of issues factoring into talent and workforce well-being should result in chief human resource officers (CHROs) having a prominent voice and seat in the C-suite and in the boardroom. Among the most pressing challenges are continuing changes regarding where work gets done (e.g., remote work, return to the office); the impact of GenAI on how work gets done; growing employee unrest and the resurgence of labor unions; and intensifying scrutiny of diversity, equity, and inclusion (DEI) efforts.

In the past, technological change primarily impacted blue-collar workers, but with the arrival of GenAI, it’s white-collar workers who are also anxious about job security. Benefitting from the productivity increases GenAI promises while maintaining a productive and engaged workforce will hinge on having clear plans to reskill, upskill, and cross-skill employees, being honest about how their work is evolving, and offering a path for career development. Helping employees understand the mutual benefits of working with GenAI can be a helpful frame for the challenging workforce conversations and cultural changes ahead. As one speaker noted, “AI plus HI [human intelligence] equals the ROI.”[3]

The competition for talent continues to intensify, with the added challenges of evolving workforce demographics, employees from different generations working side-by-side, and many employees looking for something other than money and security from their jobs. Workplace wellness and well-being programs, including flexibility in where and how work gets done, are even more important to employees today than several years ago.[4] And DEI (by whatever name) continues to demand leadership’s attention. In a country that is now as diverse as ever—yet also as divided as ever—the notion that increased diversity would be “the fix” is giving way to the understanding that inclusion is the decisive factor. Business leaders need to understand the mood of employees (and unions) and what motivates them, and respond in ways that lead to a strong corporate culture built on mutual trust and a vision for long-term value creation.

The regulatory front: Climate, GenAI, NOCLAR, cyber

With the SEC, California, and the European Union (EU) setting the pace, policymakers and regulators continue to sharpen their focus on climate change and sustainability issues, cybersecurity, and GenAI.

On climate disclosures, the SEC’s order staying the final rules, pending completion of judicial review of the multiple challenges to the rules by the United States Court of Appeals for the Eighth Circuit, has created uncertainty around the final rules,[5] particularly given that it may take some time for the litigation to be resolved, but the scheduled compliance phase-in dates have not changed. This uncertainty poses a significant challenge for larger accelerated filers, whose earliest compliance obligations begin January 1, 2025 (for calendar-year filers). Many companies are also assessing whether they are subject to the California climate laws as well as EU and other international standards, some of which require reporting Scope 3 greenhouse gas (GHG) emissions data and other disclosures that are more extensive than what is required by the SEC’s rule.[6]

While the stay of the SEC final rules may reduce the sense of urgency for some companies, a “pens down” posture would likely be short-sighted given the proliferation of new and complex climate disclosure mandates, investor demands, and the SEC’s enforcement actions and comment letters. A key question for boards is whether management has the necessary talent, resources, and expertise—internal and external—to gather, organize, calculate, verify, and report the necessary GHG emissions data, and to develop the necessary internal controls and disclosure controls and procedures to support these and other 10-K disclosures and financial statement disclosures. For many companies, this will require a cross-functional management team (climate team) from legal, finance, sustainability, risk, operations, IT, HR, and internal audit. At larger public companies, this team may be led by an ESG controller. Identifying and recruiting climate and GHG emissions expertise for a climate team—which may be in short supply—and implementing new systems to automate the data-gathering process will be essential.

The AI regulatory landscape is developing at a brisk pace at the local, state, national, and global levels. Perhaps most notably, the EU’s AI Act is the first comprehensive attempt to regulate AI. It has broad, extraterritorial reach, covering any entity that is “placing on the market” or “putting into service” an AI system in the EU.[7] Currently in the final stages of adoption, the EU AI Act takes a risk-based approach: AI uses deemed to pose an “unacceptable” level of risk (such as biometric categorizing and behavioral manipulation) are banned and other uses are placed within a risk tier, from high to low, with corresponding levels of compliance obligations. Penalties for violations are significant. Companies should understand whether they are subject to the EU AI Act and consider benchmarking their risk and compliance practices against it, as the EU AI Act is likely to be used by other regulators in crafting their own AI regulations.

The PCAOB’s proposal on auditors’ responsibilities related to noncompliance with laws and regulations (NOCLAR) should be closely monitored, as it would make sweeping changes to auditing standards. While there are differing interpretations of what the language would require, it has the potential to materially increase the scope of the audit by effectively requiring auditors to audit legal and regulatory noncompliance and alert appropriate members of management and audit committees when instances are identified.

“Norms and expectations” are beginning to play out on the SEC’s final cybersecurity disclosure rules,[8] which require that companies report a material cyber incident on Form 8-K within four business days after determining that a cyber incident is material. Noting that some companies have voluntarily reported immaterial cybersecurity incidents on Form-8-K, some in the legal community have cautioned that “overdisclosure” can cause confusion and is not welcome by the SEC staff. Unlike most 8-K events, a cyber incident requires an ongoing evaluation of materiality.

Digital threats and cyber readiness

Cybersecurity risk continues to mount, with GenAI tools aiding hackers in both the sophistication and efficiency of their efforts. The proliferation of criminal hackers, malware developers, and nation-state actors, the ubiquity of ransomware attacks, and ill-defined lines of responsibility for data security—among users, companies, vendors, and government agencies—are keeping cybersecurity risk high on board and committee agendas.

Readiness and resilience have become the critical watchwords for companies and boards today, recognizing the need not only for a robust cyber incident response plan, but also periodic tabletop exercises to simulate how a cyber incident might unfold.

The company’s cyber incident response policies and procedures should be reviewed and updated, as necessary. This would include a clear delineation of responsibilities of management’s cybersecurity and risk management teams, management’s disclosure committee, the legal department, and any outside advisors, as well as escalation protocols, and procedures for determining materiality and for the preparation and review of disclosures. Escalation protocols should also address when the board is notified and how internal and external communications are handled.

The ongoing threat posed by insiders—whether disgruntled or disengaged employees, hostile state-actors, or third-party vendors offshore and under the radar—should also prompt regular assessment of the company’s process for deterring, detecting, and effectively responding to insider breaches.

Getting ahead of mis–, dis–, and mal–information (MDM)

The growing prevalence of MDM is also hitting the boardroom radar given the significant reputational risks it poses. Inaccurate information—no matter the type, source, or motive—continues to undermine trust and exacerbate polarization. GenAI technology gives the purveyors of MDM the ability to understand what resonates with their target audience and provides the tools to generate content—including deep-fake images, narratives, and voices—that is convincing enough to damage corporate reputations.

To get ahead of MDM, a company should first understand what disinformation narratives can materially impact the business, and who might be likely purveyors of MDM. What will cause investors, employees, or customers to lose trust in the company or its products and services? Second, what capabilities and processes does the company have in place (risk management, corporate communications, investor relations, corporate counsel) to prevent or counter disinformation? Having a clear narrative for the marketplace—and building a surplus of trust with customers—are essentials.

Talent, strategy, risk—a different TSR?

The seismic changes and disruptions facing corporate America that were discussed at our conference are causing many boards to rethink their board oversight structure and processes, and how they are spending their time.

Some leading business thinkers are challenging the traditional measure of TSR (total shareholder return), emphasizing a reorientation of the board’s focus to help ensure robust attention to talent, strategy, and risk—a different take on TSR.[9] These factors, they argue, determine more than any others whether a company creates long-term value.

Board conversations with the CHRO and CEO about talent typically take place during succession planning, but the deeper question for boards is how the organization handles the broader challenge of talent management. Getting out in the field to meet the company’s up-and-coming talent is more important than ever; talking with employees will provide directors with a ground-level view and potentially different messages from those they hear from management in the boardroom. The transformative developments in GenAI and related digital technologies aimed at increasing productivity should be prompting sharper board attention to employee training. Major technology investments are only as effective as employees’ ability and propensity to use the tools.

Given the current risk environment, which can seemingly impact strategic plans overnight, boards should vet the strategy at every board meeting. Inextricably linked to strategy and talent, of course, is risk—particularly mission-critical risks, risk appetite, and risk culture—which permeates the enterprise.

America on the world stage

The world we see today, as one keynote speaker noted, has been developing for about 20 years—all in plain sight: Russian aggression, flashpoints and conflict eruptions in the Middle East, China’s rise, the resurgence of American isolationism, and a planet in the danger zone on climate. Taken together, these developments— with GenAI as a game-changing variable—have made for a world that hasn’t been this unpredictable since World War II.

Having better situational awareness to support scenario planning and risk assessment will be vital to operating and strategic decision-making. To that end, understanding historical context and having geopolitical expertise in boardroom conversations can be illuminating. As a case in point, political polarization in the US historically has been as bad as (if not worse than) it is today. What’s different is the dysfunction and paralysis of the policy-making process. For America’s allies and the rest of the world, such paralysis means uncertainty and leaves little choice but to hedge—with other military alliances, economic/trade relationships, and currencies. What are the implications for a company’s operating footprint in an increasingly multipolar world?

To be sure, as a nation of risk-takers, America’s innovative muscle and ability to think differently continue to spark breakthroughs—from GenAI and green technologies to DNA science and private-sector space travel. How competitive America will continue to be, time will tell, and the post-election landscape will likely provide the next major signposts. But it’s clear that leadership from corporate America’s boardrooms will be a vital factor in driving the risk-taking, guardrails, and resilience that business and society will need in the months and years ahead.