Sixty-two percent of risk leaders say if the United States adopts more restrictive trade policies on a long-term basis, the biggest risk to their organization is increased cyber exposure from state-sponsored attacks and reduced federal cyber investments, according to Riskonnect’s 2025 New Generation of Risk Report. Other risks of a prolonged restrictive trade environment include higher production and indirect costs (48%), severe supply chain disruptions and shortages (47%), and higher domestic labor costs (31%).
"We’re in a new generation of risk – one where cyber, geopolitical, technology, political risk, and other factors are rapidly converging and reshaping the landscape. The impact on markets and operations is unfolding faster than many organizations can keep up,” says Jim Wetekamp, CEO of Riskonnect. “Riskonnect’s research shows that while organizations are making progress in some areas, today’s unpredictable business environment demands more than stronger defenses. It requires organizations to build resilience as a core strategic capability."
Key takeaways:
· The study also found that political risk has climbed into the Top 3 corporate threats, rising from fifth place in 2024. 97% of risk leaders say political risks are impacting the business in some way, with 40% categorizing the impact as “significant” or “severe.” Companies have slowed or stalled hiring (37%), delayed major tech investments or capital expenditures (28%), delayed expansion plans (23%), and diversified supply chains or reshored operations (27%) because of domestic political instability.
· Most (85%) say they have a business continuity and resilience plan to keep their organization running in the event of a major IT outage or cyber incident at one of their business-critical service providers. Only 8%, however, can assess and monitor their Tier 1 partners, their suppliers, and their suppliers’ suppliers, indicating vulnerabilities lurk deep in the digital supply chain.
· Two-thirds (66%) of risk leaders entered 2025 with a plan for managing geopolitical volatility, up from the 19% who said they had a plan in 2024.
· 60% of organizations now have a chief risk officer, up from 52% over the past two years, reflecting the rising strategic importance of the function.
· Last year, 62% of companies were using or planned to use AI to help manage risk. In 2025, that figure has jumped to 70% and top use cases include risk assessments (34%), risk forecasting (28%), scenario planning and simulations (28%), creating risk registers (28%), and surfacing risks that they hadn’t previously considered (28%).
· 61% of organizations say they have simulated their worst-case scenario, up from 44% in 2024 and 37% in 2023.
· 42% of risk leaders say they don’t have a policy to govern the use of AI by employees and 72% don’t have a policy for use of genAI by partners and suppliers. Three-quarters (75%) don’t have a dedicated plan for addressing genAI risks, including deepfakes and AI-driven fraud attacks. Only 15% say they have a budget directed at mitigating AI-related risks and only 23% have a policy against using foreign AI models.
· 32% say they’ve formally trained or briefed their entire company on risks related to genAI, up from 19% in 2024 and 17% in 2023.
· 59% of risk leaders say their organizations are considering incorporating agentic AI solutions into their operations or products, but over half (55%) of those leaders admit they haven’t assessed the risks.
![Pros To Know 2026 [color]](https://img.sdcexec.com/mindful/acbm/workspaces/default/uploads/2025/08/prostoknow-2026-color.mduFvhpgMk.png?ar=16%3A9&auto=format%2Ccompress&bg=fff&dpr=2&fill-color=fff&fit=fill&h=135&q=70&w=240)
