In our report, The Connected Future of Risk, participants from leading global organizations* highlighted that one of the most significant concerns for businesses today is not any single risk, but the way risks are now converging and deeply interconnected.
Threats like cyberattacks, supply chain disruptions, and geopolitical events can interact and amplify one another, triggering domino effects that span industries and geographies. This interconnectedness of risk magnifies impact and means siloed approaches to risk management need to evolve.
The threat landscape is more sophisticated, with cyber incidents now intersecting with fraud, data privacy, and geopolitical tensions. Leaders are concerned that while they have more data on threats than ever, they lack coordinated mechanisms to detect, prevent, and recover quickly. Cyber risk is seen as having the highest impact and lowest controllability—resilience now depends on speed and cross-functional response.
Participants highlighted that a single vendor outage can disrupt operations, breach compliance, or expose data across regions. Many described a widening gap between how much operational activity sits outside their direct control and how limited their oversight remains. These risks can become existential concerns, amplified by complex supply chains and digital dependencies.
Leaders see their brand reputations as both fragile and intangible—difficult to quantify, yet decisive in market and stakeholder confidence. The speed of response to events is therefore considered critical with one participant commenting: “You don’t need to be wrong to lose trust; you just need to be slow to respond.”
Outside the top 3 areas of growing concern are other risk factors businesses are focusing on.
While these risks are considered generally well-governed, the continual changes in reporting standards and oversight mean compliance demands can consume resources that could otherwise be applied to proactive risk insight. Leaders noted they have plenty of controls, but not necessarily enough coordination in this area.
These risks are considered difficult to manage and unpredictable, relying on scenario modelling, diversification, and resilience planning. Leaders are particularly concerned about the impact of trade wars, sanctions, and policy shifts that can quickly make existing plans obsolete.
These risks are challenging to manage because they are unpredictable in nature, span regulation, investor pressure, and reputation. While the immediate operational impact of an extreme weather event for example may be limited, the long-term implications are strategic. Companies are investing in data transparency, sustainability reporting, and governance reform, but maturity varies widely among participants.
We spoke to executives across a number of sectors for the study. Some of the findings drawn from their contributions are summarized below:
Banks are mature in financial risk management, with sophisticated frameworks and regulatory oversight. However, they can be constrained by legacy systems, as well as regulation, which creates a tension: “sophistication without agility.” Banks describe struggling to connect speed and control.
This sector is broadening its focus from market exposure to enterprise-wide risk exposure. The main tension is described as rising investor expectations for transparency, which creates pressure to demonstrate integrity and control across all types of risk.
Insurers are rich in data, but information can be fragmented across underwriting, actuarial, and enterprise functions. The abundance of information without integration can limit both efficiency and resilience, making it difficult to respond quickly to emerging risks.
Fintech firms tended to be fast-moving and innovation-led, but their governance can lag behind growth. The main tension appears to be that agility outpaces assurance and oversight, exposing them to risks that may not be fully understood or managed.
Corporates face wide operational and reputational risk exposure due to complex supply chains and increased regulatory scrutiny, for example around sustainability. There is a strong desire for global visibility of risk, but accountability can remain fragmented and reactive, making unified oversight a challenge.
This sector appears to be people- and reputation-driven, relying on judgement and trust as much as formal systems. The main tension is that inconsistency can make risk management hard to standardize and manage effectively across business networks and relationships.
The findings in the report point to risk as a systemic issue for businesses. Some of the hardest risks to control—cyber, third-party, operational—are also the most critical. The biggest challenge is not awareness but effective execution of risk management. Legacy systems, fragmented data, and siloed cultures can hold organizations back.
For C-level leaders, the imperative is to move from fragmented awareness to integrated action. Could the future belong to those who treat risk as a unifying force for performance, resilience, and growth?
*The study is based on 50 in-depth interviews with senior executives responsible for risk, compliance, finance, procurement, technology, and operations, representing a broad mix of industries, regions, and organizational sizes.