Political uncertainty is climbing. Geopolitical shocks and cyberattacks are nonetheless hitting corporations laborious. Financial uncertainty lingers. And AI is advancing quicker than governance can sustain. Agentic AI – the most recent wave of AI expertise – is already right here, but many corporations are nonetheless wrapping their heads round generative AI and its dangers three years into the expertise hitting the mass market.
These forces are making a high-stakes surroundings that calls for quicker, sharper, and extra proactive responses. Are threat administration methods evolving shortly sufficient alongside the panorama?
Riskonnect surveyed greater than 200 threat, compliance, and resilience professionals worldwide to uncover at the moment’s most urgent threats and to see if organizations are prepared for this new technology of threat.
The 2025 New Era of Danger Report reveals that the dangers with the most important impression this 12 months are cybersecurity (61%), financial (50%), and political (40%). Nonetheless, crucial gaps stay between threat impression and preparedness.
Whereas leaders are making significant progress in vital areas, corresponding to worst-case situation planning, AI adoption, and constructing plans for geopolitical threat (which had been largely absent a 12 months in the past), extra must be accomplished.
Different highlights from the survey embody:
Political threat is now a top-three menace, up from fifth place final 12 months.
A full 97% of corporations say political dangers are impacting the enterprise in a roundabout way, with 40% categorizing the impression as “vital” or “extreme.” But solely 17% of corporations say they really feel ready to evaluate, handle, and get well from these dangers.
In response, corporations say they’ve slowed or stalled hiring (37%), delayed main tech investments or capital expenditures (28%), delayed growth plans (23%), and diversified provide chains or reshored operations (27%) due to home political instability.
Most corporations aren’t able to beat back an inflow of cyberattacks triggered by commerce wars.
If the U.S. adopts extra restrictive commerce insurance policies on a long-term foundation, 62% of threat leaders say the most important threat to their group is elevated cyber publicity from state-sponsored assaults and decreased federal cyber investments. Different dangers of a protracted restrictive commerce surroundings embody increased manufacturing and oblique prices (48%), extreme provide chain disruptions and shortages (47%), and better home labor prices (31%).
Firms stay dangerously weak to threat from suppliers and suppliers’ suppliers.
The overwhelming majority of organizations – 85% – say they’ve a enterprise continuity plan to maintain the enterprise operating within the occasion of a significant IT outage or cyber incident at one among their business-critical service suppliers. However this visibility stops at tier 1 suppliers, leaving most corporations uncovered to hidden vulnerabilities buried deeper within the provide chain. Just below 8% of respondents say they’ll assess and monitor their suppliers’ suppliers, their suppliers’ suppliers, and so forth down the road.
Firms are flying blind on agentic AI.
Practically 60% of threat leaders say their corporations are contemplating incorporating agentic AI options into their operations or merchandise. But over half of these leaders (55%) haven’t assessed the dangers. And a noteworthy share (15%) say they don’t know whether or not their group is contemplating incorporating agentic AI into its operations or merchandise – which is a threat in and of itself.
Regardless of the surge in use, few corporations are ready to handle AI dangers.
Solely 12% of corporations say they really feel ready to evaluate, handle, and get well from AI and AI governance dangers. Whereas that is up from preparedness ranges in previous years (9% in 2023 and eight% in 2024), it’s nonetheless low. As corporations rush to deploy AI and leverage the tech as a price driver, it is a harmful place to be.
Firms are nonetheless overlooking crucial blind spots in the case of AI governance and oversight.
Some 42% of corporations don’t have a coverage in place to control the usage of AI by workers – and 72% don’t have one for the usage of genAI by companions and suppliers. Three-quarters of respondents say they don’t have a devoted plan to particularly deal with genAI dangers like deepfakes and AI-driven fraud assaults. And simply 15% say they’ve a finances particularly directed at mitigating AI-related dangers.
Extra corporations are utilizing AI to handle dangers.
Seven in ten corporations are presently utilizing AI to assist handle threat, up from 62% final 12 months. Assessing dangers jumped to the highest use-case for AI in threat administration.
Considerably extra corporations are taking purposeful steps to plan for the worst.
Some 61% of threat leaders say they’ve simulated their worst-case situation, up from 44% in 2024 and 37% in 2023. Rising AI adoption, which makes situation planning simpler and quicker to execute, might be a contributing issue to this uptick.
Spreadsheets are out. Software program is in for managing threat.
Simply 40% of corporations principally or solely use spreadsheets to handle threat. That’s down considerably from the 53% of corporations that reported heavy spreadsheet reliance final 12 months. Rising software program use seems to coincide with larger confidence in threat knowledge. A full 90% of corporations now belief their knowledge, up from 84% final 12 months.
The Takeaways
The information paints a transparent image that threat administration is more and more considered as a strategic enterprise perform. But it surely’s in a pivotal state of transition, and corporations should make investments decisively to understand its full potential and strengthen its impression.
It isn’t sufficient to only sustain with this new technology of threat. The benefit will go to those who get forward of those dangers. Just a few steps to take now:
- Embrace AI with clear governance. AI isn’t a facet mission. Deal with it as a core enterprise threat and handle it with the identical oversight and diligence as different crucial dangers.
- Situation plan. Don’t anticipate dangers to materialize. Stress-test your playbook with AI-powered simulations that contemplate shocks and threat elements you may in any other case low cost.
- Look previous your tier 1s. Hone your capacity to evaluate and monitor dangers throughout your total digital provide chain, particularly as third events are sometimes the entrance door for dangerous actors. Even should you can’t get granular on each layer, be able to handle the fallout.
- Elevate your impression with AI. Strategically leverage the expertise in key areas that prevent time and allow you to be extra proactive and deal with what issues.
- Spend money on expertise. That is key for staying forward and managing the complete spectrum of threat.
This new technology of threat is not only outlined by the sheer scale and pace of rising threats, but in addition by the methods during which corporations are getting ready to fulfill them. Are the steps you take daring sufficient, quick sufficient, and strategic sufficient to remain forward?