Legal and compliance chiefs are rating the level of risk in the current business environment at 7.9 out of 10, where one is Negligible and 10 is Significant. This marks a 16% increase from Q1 levels, though the figure has remained relatively flat since Q3, suggesting the risk escalation may be stabilizing, according to the Q4 Business Risk Index conducted by Diligent.
“In 2025, risk levels didn’t just spike, they settled into an ‘always-on’ baseline,” says Dottie Schindlinger, executive director of the Diligent Institute. “In a world where significantly high-risk levels are constant, the [general council’s] agenda may become increasingly defined by AI and broader tech exposure. Legal teams are already gearing up, predicting heightened regulatory tracking, audits and policy reviews in 2026.”
Key takeaways:
· 60% of respondents cited technology as a risk today, well ahead of any other issue, including the economy (33%) and tariffs (23%). Legal, compliance and audit leaders view increasingly sophisticated cyberattacks as a primary threat vector.
· While those polled expect most risks to lessen as businesses get more clarity around issues such as trade, regulations and the economy, AI-related risks are the notable exception. The majority continue to cite it as a top risk for their organization in 2026, well ahead of the economy (23%) and regulations (19%).
· When asked which key risk indicators (KRIs) they were monitoring closely into the New Year, market conditions ranked first, with 33% of votes, followed by cyber alerts (27%).
· Despite increasing risks and reported vulnerabilities in cross-function coordination, a full third of respondents said their organizations were reducing or keeping risk management operational budgets flat in 2026.
· For organizations expected to receive budget increases, the most common investments are in regulatory tracking and monitoring technology (26%) or data privacy and cyber defenses (23%).
· When asked what they would improve if given a chance, cross-function coordination took the top spot, with 44% of the votes.
· Only 4% of governance professionals say their governance, risk, and compliance and financial systems are fully integrated, which can keep risk data trapped in silos.
