Data reveals geopolitical shocks, political risk, AI advancements, and other threats are escalating faster than organizations can respond
Sixty-two percent of risk leaders say if the U.S. adopts more restrictive trade policies on a long-term basis, the biggest risk to their organization is increased cyber exposure from state-sponsored attacks and reduced federal cyber investments, according to Riskonnect's 2025 New Generation of Risk Report Other risks of a prolonged restrictive trade environment include higher production and indirect costs (48%), severe supply chain disruptions and shortages (47%), and higher domestic labor costs (31%).
The proprietary research was released today and is based on a global survey of more than 200 risk, compliance, and resilience professionals. The study also found that political risk has climbed into the top-three corporate threats, rising from fifth place in 2024. Ninety-seven percent of risk leaders say political risks are impacting the business in some way, with 40% categorizing the impact as "significant" or "severe." Companies have slowed or stalled hiring (37%), delayed major tech investments or capital expenditures (28%), delayed expansion plans (23%), and diversified supply chains or reshored operations (27%) because of domestic political instability.
"We're in a new generation of risk one where cyber, geopolitical, technology, political risk, and other factors are rapidly converging and reshaping the landscape. The impact on markets and operations is unfolding faster than many organizations can keep up," said Jim Wetekamp, CEO of Riskonnect. "Riskonnect's research shows that while organizations are making progress in some areas, today's unpredictable business environment demands more than stronger defenses. It requires organizations to build resilience as a core strategic capability."
Riskonnect's 2025 New Generation of Risk Report explores the biggest threats facing the enterprise and how risk management strategies are keeping up with the evolving landscape. Key findings include:
- Companies are underestimating their third-party exposures: Most (85%) say they have a business continuity and resilience plan to keep their organization running in the event of a major IT outage or cyber incident at one of their business-critical service providers. Only 8%, however, can assess and monitor their tier 1 partners, their suppliers, and their suppliers' suppliers, indicating vulnerabilities lurk deep in the digital supply chain.
- Geopolitical risk planning is gaining ground:Two-thirds (66%) of companies entered 2025 with a plan for managing geopolitical volatility, up from the 19% who said they had a plan in 2024.
- Risk representation in the C-suite is growing: Sixty percent of organizations now have a chief risk officer, up from 52% over the past two years, reflecting the rising strategic importance of the function.
- Risk leaders are leaning into AI.Last year, 62% of companies were using or planned to use AI to help manage risk. In 2025, that figure has jumped to 70% and top use cases include risk assessments (34%), risk forecasting (28%), scenario planning and simulations (28%), creating risk registers (28%), and surfacing risks that they hadn't previously considered (28%).
- More companies are preparing for worst-case scenarios: Sixty-one percent of risk leaders say they have simulated their worst-case scenario, up from 44% in 2024 and 37% in 2023.
Companies are largely flying blind on AI
Generative AI oversight still lags in critical areas. Forty-two percent of companies say they don't have a policy to govern the use of AI by employees and 72% don't have a policy for use of genAI by partners and suppliers. Three-quarters (75%) don't have a dedicated plan for addressing genAI risks, including deepfakes and AI-driven fraud attacks. Only 15% say they have a budget directed at mitigating AI-related risks and only 23% have a policy against using foreign AI models such as DeepSeek.
Training on AI risks is trending in the right direction: 32% say they've formally trained or briefed their entire company on risks related to genAI, up from 19% in 2024 and 17% in 2023.
Even as agentic AI enters the risk landscape, organizations' proactivity when it comes to AI risk management and oversight is lacking. Fifty-nine percent of risk leaders say their organizations are considering incorporating agentic AI solutions into their operations or products, but over half (55%) of those leaders admit they haven't formally assessed the risks.
"Many organizations aren't currently built to keep pace with the speed of AI's evolution. AI demands strong governance. This is a moment for risk professionals to lead the charge on AI oversight and show their value as strategic enablers," added Andrea Brody, CMO at Riskonnect.
Access the full report to dive deeper into the new generation of risk.
About Riskonnect
Riskonnect is the leading integrated risk management software solution provider. Our technology empowers organizations with the ability to anticipate, manage, and respond in real time to strategic and operational risks across the extended enterprise.
More than 2,700 customers across six continents partner with Riskonnect to gain previously unattainable insights that deliver better business outcomes. Riskonnect has more than 1,500 risk management experts in the Americas, Europe, and Asia-Pacific. To learn more, visit riskonnect.com.
View source version on businesswire.com: https://www.businesswire.com/news/home/20251020145825/en/
Contacts:
Media Contact:
Corporate Ink for Riskonnect
Emma Nadeau
riskonnect@corporateink.com
