Political uncertainty is climbing. Geopolitical shocks and cyberattacks are still hitting companies hard. Economic uncertainty lingers. And AI is advancing faster than governance can keep up. Agentic AI – the latest wave of AI technology – is already here, yet many companies are still wrapping their heads around generative AI and its risks three years into the technology hitting the mass market.

These forces are creating a high-stakes environment that demands faster, sharper, and more proactive responses. Are risk management strategies evolving quickly enough alongside the landscape?

Riskonnect surveyed more than 200 risk, compliance, and resilience professionals worldwide to uncover today’s most pressing threats and to see if organisations are ready for this new generation of risk.

The 2025 New Generation of Risk Report reveals that the risks with the biggest impact this year are cybersecurity (61%), economic (50%), and political (40%). However, critical gaps remain between risk impact and preparedness.

Impact vs Preparedness

While leaders are making meaningful progress in important areas, such as worst-case scenario planning, AI adoption, and building plans for geopolitical risk (which were largely absent a year ago), more needs to be done.

Other highlights from the survey include:

Political risk is now a top-three threat, up from fifth place last year.

A full 97% of companies say political risks are impacting the business in some way, with 40% categorizing the impact as “significant” or “severe.” Yet only 17% of companies say they feel prepared to assess, manage, and recover from these risks.

In response, companies say they have slowed or stalled hiring (37%), delayed major tech investments or capital expenditures (28%), delayed expansion plans (23%), and diversified supply chains or reshored operations (27%) because of domestic political instability.

Most companies aren’t ready to ward off an influx of cyberattacks triggered by trade wars.

If the U.S. adopts more restrictive trade policies on a long-term basis, 62% of risk leaders say the biggest risk to their organisation is increased cyber exposure from state-sponsored attacks and reduced federal cyber investments. Other risks of a prolonged restrictive trade environment include higher production and indirect costs (48%), severe supply chain disruptions and shortages (47%), and higher domestic labour costs (31%).

Companies remain dangerously vulnerable to risk from suppliers and suppliers’ suppliers.

The vast majority of organisations – 85% – say they have a business continuity plan to keep the business running in the event of a major IT outage or cyber incident at one of their business-critical service providers. But this visibility stops at tier 1 suppliers, leaving most companies exposed to hidden vulnerabilities buried deeper in the supply chain. Just under 8% of respondents say they can assess and monitor their suppliers’ suppliers, their suppliers’ suppliers, and so on down the line.

critical technology partner risks chart

Companies are flying blind on agentic AI.

Nearly 60% of risk leaders say their companies are considering incorporating agentic AI solutions into their operations or products. Yet over half of those leaders (55%) haven’t assessed the risks. And a noteworthy share (15%) say they don’t know whether their organisation is considering incorporating agentic AI into its operations or products – which is a risk in and of itself.

Despite the surge in use, few companies are prepared to manage AI risks.

Only 12% of companies say they feel prepared to assess, manage, and recover from AI and AI governance risks. While this is up from preparedness levels in past years (9% in 2023 and 8% in 2024), it is still low. As companies rush to deploy AI and leverage the tech as a value driver, this is a dangerous place to be.

Companies are still overlooking critical blind spots when it comes to AI governance and oversight.

Some 42% of companies don’t have a policy in place to govern the use of AI by employees – and 72% don’t have one for the use of genAI by partners and suppliers. Three-quarters of respondents say they don’t have a dedicated plan to specifically address genAI risks like deepfakes and AI-driven fraud attacks. And just 15% say they have a budget specifically directed at mitigating AI-related risks.

More companies are using AI to manage risks.

Seven in ten companies are currently using AI to help manage risk, up from 62% last year. Assessing risks jumped to the top use-case for AI in risk management.

Significantly more companies are taking purposeful steps to plan for the worst.

Some 61% of risk leaders say they’ve simulated their worst-case scenario, up from 44% in 2024 and 37% in 2023. Growing AI adoption, which makes scenario planning easier and faster to execute, could be a contributing factor to this uptick.

Spreadsheets are out. Software is in for manageing risk.

Just 40% of companies mostly or only use spreadsheets to manage risk. That’s down significantly from the 53% of companies that reported heavy spreadsheet reliance last year. Increasing software use appears to coincide with greater confidence in risk data. A full 90% of companies now trust their data, up from 84% last year.

The Takeaways

The data paints a clear picture that risk management is increasingly viewed as a strategic business function. But it’s in a pivotal state of transition, and companies must invest decisively to realize its full potential and strengthen its impact.

It isn’t enough to just keep up with this new generation of risk. The advantage will go to those that get ahead of these risks. A few steps to take now:

  • Embrace AI with clear governance. AI isn’t a side project. Treat it as a core enterprise risk and manage it with the same oversight and diligence as other critical risks.
  • Scenario plan. Don’t wait for risks to materialize. Stress-test your playbook with AI-powered simulations that consider shocks and risk factors you might otherwise discount.
  • Look past your tier 1s. Hone your ability to assess and monitor risks across your entire digital supply chain, especially as third parties are often the front door for bad actors. Even if you can’t get granular on every layer, be ready to manage the fallout.
  • Elevate your impact with AI. Strategically leverage the technology in key areas that save you time and enable you to be more proactive and focus on what matters.
  • Invest in technology. This is key for staying ahead and manageing the full spectrum of risk.

This new generation of risk is not just defined by the sheer scale and speed of emerging threats, but also by the ways in which companies are preparing to meet them. Are the steps you are taking bold enough, fast enough, and strategic enough to stay ahead?

For an in-depth look at the survey findings, download the 2025 New Generation of Risk Report.