Shapefin

Riskonnect Report Reveals Increased Cyber Exposure from Trade Policies and Significant AI Governance Gaps

A new report from Riskonnect reveals that a majority of risk leaders anticipate increased cyber exposure from state-sponsored attacks and reduced federal cyber investments if the U.S. adopts more restrictive trade policies long-term. The 2025 New Generation of Risk Report also highlights a significant rise in political risk as a top corporate threat and identifies substantial gaps in AI governance.

Riskonnect’s proprietary research, based on a global survey of over 200 risk, compliance, and resilience professionals, indicates that 62% of risk leaders view heightened cyber exposure as the primary risk from prolonged restrictive trade policies. Additional concerns include higher production and indirect costs (48%), severe supply chain disruptions and shortages (47%), and increased domestic labor costs (31%).

Political risk has climbed from fifth place in 2024 to become one of the top three corporate threats, with 97% of risk leaders reporting some impact on their business and 40% describing it as “significant” or “severe.” Domestic political instability has led companies to slow or stall hiring (37%), delay major technology investments or capital expenditures (28%), postpone expansion plans (23%), and diversify supply chains or reshore operations (27%).

Jim Wetekamp, CEO of Riskonnect, commented on the findings, stating, “We’re in a new generation of risk – one where cyber, geopolitical, technology, political risk, and other factors are rapidly converging and reshaping the landscape. The impact on markets and operations is unfolding faster than many organizations can keep up.” He added that the current unpredictable business environment requires organizations to build resilience as a core strategic capability.

The report identifies that companies are underestimating their third-party exposures. While 85% have a business continuity and resilience plan for major IT outages or cyber incidents at critical service providers, only 8% can assess and monitor their tier 1 partners, their suppliers, and their suppliers’ suppliers, indicating vulnerabilities deep within the digital supply chain.

Despite these challenges, progress is evident in some areas. Two-thirds (66%) of companies entered 2025 with a plan for managing geopolitical volatility, a significant increase from 19% in 2024. Furthermore, risk representation in the C-suite is growing, with 60% of organizations now employing a chief risk officer, up from 52% over the past two years. Risk leaders are also increasingly leveraging AI, with 70% using or planning to use AI for risk management in 2025, up from 62% last year. Top use cases include risk assessments (34%), risk forecasting (28%), scenario planning and simulations (28%), creating risk registers (28%), and surfacing previously unconsidered risks (28%). The study also notes that 61% of risk leaders have simulated their worst-case scenario, compared to 44% in 2024 and 37% in 2023.

However, oversight of Generative AI remains largely lacking. Forty-two percent of companies do not have a policy governing employee use of AI, and 72% lack a policy for genAI use by partners and suppliers. A substantial 75% lack a dedicated plan for addressing genAI risks, such as deepfakes and AI-driven fraud attacks. Only 15% have a budget for mitigating AI-related risks, and 23% have a policy against using foreign AI models like DeepSeek. While formal training on genAI risks has improved, with 32% of companies providing it, up from 19% in 2024, significant gaps persist, particularly with agentic AI. Fifty-nine percent of risk leaders are considering incorporating agentic AI solutions, but 55% of those have not formally assessed the associated risks.

Andrea Brody, CMO at Riskonnect, emphasized the need for robust AI governance. “Many organizations aren’t currently built to keep pace with the speed of AI’s evolution. AI demands strong governance. This is a moment for risk professionals to lead the charge on AI oversight and show their value as strategic enablers,” Brody stated.

Riskonnect is an integrated risk management software solution provider. The company’s technology aims to empower organizations to anticipate, manage, and respond to strategic and operational risks across the extended enterprise. Serving over 2,700 customers across six continents, Riskonnect maintains more than 1,500 risk management experts in the Americas, Europe, and Asia-Pacific.
