This year promises to be a pivotal one with plenty of new risks and challenges for organizations worldwide to navigate. After the ultimate election year – voters in at least 64 countries went to the polls in 2024 – the outcomes are likely to lead to changes in policies and regulations that could increase companies’ risk exposure.
Geopolitical tensions are expected to remain high, which could threaten supply chains and create market volatility. At the same time, growing AI adoption and technology advancements are enabling organizations to be more efficient and drive new value – but they also carry significant risks.
There are several risk factors and trends that risk management and business leaders should keep top of mind. Strengthening risk management strategies in these areas now will help you skillfully handle risk events that come your way in 2025 – and set you up for success for years to come.
Four Risk Trends to Watch
These insights are based on research Riskonnect conducted for the 2024 New Generation of Risk report.
1. AI risks and cybersecurity threats will be top concerns.
Cybersecurity was organizations’ top risk driver in 2024, with 72% of survey respondents reporting the impacts of cybersecurity risks on their organization to be significant or severe. AI-powered threats such as ransomware, phishing and deepfakes continue to escalate, with 24% expecting these threats to have the biggest impact on their businesses into at least the first half of 2025.
Riskonnect CEO Jim Wetekamp: Cascading geopolitical events.
Most organizations (80%) don’t have a dedicated plan to address generative AI risks, including AI-driven fraud attacks. Few have formally trained the entire organization on the risks, and even fewer say they have a budget specifically directed at mitigating AI-related risks.
Closing the gaps in these areas and creating an AI plan should now be a top priority. Even if you aren’t incorporating AI directly into your own operations, chances are you will encounter AI risks through cybersecurity threats – which often infiltrate through a third party. Given the business impact AI and cyber risks can have, it is essential to put the right structure and tools in place to protect against these threats.
2. Geopolitical risk events could catch companies by surprise.
A shocking 61% of organizations don’t have a plan for managing risks and disruptions related to future geopolitical tensions, such as a potential conflict between China and Taiwan. Given the current geopolitical climate, the gap in preparedness is concerning. Talks of a Chinese invasion of Taiwan are escalating, and some experts anticipate the scale could be worse than the Russia-Ukraine war.
Geopolitical situations can have a substantial impact on the enterprise. The impacts of one geopolitical event can be far-reaching – supply chain issues, inflation, shifting regulations, changes to tax rules and employment laws, cyberattacks, market volatility, boycotts and public backlash, and more – and can cascade across the organization.
Many organizations consider geopolitical events to be a “worst-case scenario” alongside cybersecurity incidents and natural disasters. Yet 56% of companies haven’t simulated their worst-case scenarios.
Resolve to conduct regular scenario planning in 2025. Map out the resources and actions you would need to take to continue operations in these situations, and conduct tabletop exercises. A solid plan is key for effective response to geopolitical events or any crisis.
3. Internal and external perspectives on emerging risks will merge.
Organizations will face a variety of risks beyond AI, cybersecurity and geopolitical uncertainty. Risk, resilience and compliance professionals say they expect interest rates and inflation (14%), increased government regulation and oversight (14%), and the changes that come with a new administration (15%) to have big impacts on their businesses in 2025.
Stay ahead by breaking down silos internally to get a holistic view of risks. It’s also important to establish a framework for harmonizing external data points and inputs, such as regulatory data, supply chain intelligence, economic indicators, environmental insights, market and consumer behavior data, and more, to sharpen your perspective on key risks and how they are evolving. By aligning internal and external perspectives, you can better identify vulnerabilities, improve decision-making, and adapt swiftly to changes in the risk landscape.
4. Organizations will realize the need to pull risk leaders into technology decisions.
As generative AI adoption grows and more departments consider leveraging these tools, risk leaders need a seat at the table to ensure AI is used in a way that advances strategic objectives instead of raising the company’s exposures.
Risks must be acknowledged and controlled, staff must have clear usage policies and guidelines, and every department needs training on the risks.
While only 20% of risk management teams currently say they are always involved in decisions about incorporating AI into operations, products, or offerings, that number will likely grow as business leaders realize the value risk professionals bring to the table. The more risk leaders are pulled into technology and strategy decisions, the more the organization can safely take advantage of new opportunities.
In sum, risks on the horizon are both significant and multifaceted. Take steps now to navigate these threats and position your organization to thrive in the ever-evolving environment.
Jim Wetekamp is CEO of integrated risk management solutions provider Riskonnect. He was previously CEO of BravoSolution, a cloud procurement solutions company, and has more than 20 years of experience in software product leadership, supply chain, and risk.
Topics: Resilience
