Business risk grew double digits in 2025, according to GCs
Legal and compliance chiefs are rating the level of risk in the current business environment at 7.9 out of 10, where 1 is Negligible and 10 is Significant. This marks a 16 percent increase from Q1 levels, though the figure has remained relatively flat since Q3—suggesting the risk escalation may be stabilizing.
While the new year often brings a renewed sense of optimism and a resetting of the slate, legal and compliance leaders are ending 2025 with persistent concerns about the risk landscape: The overall sentiment among the general counsel, audit, legal and compliance leaders participating in the Q4 Business Risk Index, conducted by Diligent Institute and Corporate Board Member, points to compounding pressures across economic, regulatory and political realms creating a precarious environment for business.
“These elements are directly related,” said one respondent. “As one risk escalates, the others do, too.”
“In 2025, risk levels didn’t just spike, they settled into an ‘alwayson’ baseline,” says Dottie Schindlinger, Executive Director of the Diligent Institute. “In a world where significantly high risk levels are constant, the GC’s agenda may become increasingly defined by AI and broader tech exposure. Legal teams are already gearing up, predicting heightened regulatory tracking, audits and policy reviews in 2026.”
Technology and AI lead risk concerns
The most striking finding from the survey is the dominance of technology-related concerns. Sixty percent of respondents cited technology as a risk today, well ahead of any other issue, including the economy (33 percent) and tariffs (23 percent). Legal, compliance and audit leaders view increasingly sophisticated cyber-attacks as a primary threat vector.
“Cyber threats and supply chain instability continue to create pressure, particularly for tech and services companies that depend on stable, secure environments,” said Taras Lytovchenko, chief legal and compliance officer at Trinitex.
“From an IT business perspective, the regulatory uncertainty is the biggest factor, especially around data protection, AI governance and cross-border compliance,” added another respondent. “On top of that, cyber threats and supply-chain instability continue to create pressure.”
“Technology risk is now the connective tissue across the entire risk register,” says Kira Ciccarelli, Senior Manager of Research at the Diligent Institute. “We know that boards too are experimenting with new tech like AI tools to enhance oversight, yet relatively few organizations are leveraging AI powered dashboards for risk monitoring. Closing that execution gap will separate leaders from laggards.”
AI risks expected to persist
While those polled expect most risks to lessen as businesses get more clarity around issues such as trade, regulations and the economy, AI-related risks are the notable exception. The majority continue to cite it as a top risk for their organization in 2026, well ahead of the economy (23 percent) and regulations (19 percent).
When asked which key risk indicators (KRIs) they were monitoring closely into the new year, market conditions ranked first, with 33 percent of votes, followed by cyber alerts (27 percent).
Budget constraints despite rising threats
A concerning disconnect emerged in the survey: despite increasing risks and reported vulnerabilities in cross-function coordination, a full third of respondents said their organizations were reducing or keeping risk management operational budgets flat in 2026.
“Cost cutting focus is increasing our risk across the globe,” said one respondent sounding the alarm.
Others flagged a potential lack of awareness to growing intrinsic risks: “My concerns are potentially developing risk mitigation gaps due to role/employee changes and perceived cultural shifts leading to accepting more risk when it is not prudent. Employee morale is also low and can lead to apathy and lack of concentration needed to perform risk mitigation at a high level.”
For organizations that are expected to receive budget increases, the most common investments are in regulatory tracking and monitoring technology (26 percent) or data privacy and cyber defenses (23 percent).
Call for better coordination
When asked what they would improve if given a chance, cross-function coordination took the top spot, with 44 percent of the votes.
“We are large company and have many opportunities to be even better than we are now,” said one respondent. “My thought is to create less-siloed systems and activities that would allow high-level views to see trends and allow for more in-depth review for continuous improvement.”
“I would prioritize stronger, faster visibility into external regulatory changes, especially shifts in trade policy, tariffs and cross-border rules that affect IT outsourcing,” said another. “We need a smoother way to detect these changes early, assess their impact and adjust our delivery model before clients feel the pressure.”
“Cross functional coordination is key for operating in a world where top risks are interdependent and self amplifying; where geopolitical, regulatory and technology currents shift together,” says Ciccarelli. “And yet, governance, risk and compliance integration remains a major execution gap.”
A recent survey by Diligent Institute found that only 4 percent of governance professionals say their GRC and financial systems are fully integrated, which can keep risk data trapped in silos. “In an ideal future state, GRC systems should flow in a single stream so that one trigger, whether a cyber alert, a tariff change or an AI policy shift, automatically informs the others,” notes Schindlinger.
Related resources
GC Risk Index: Risk is on the rise
A June poll of general and corporate counsel finds business risk increasing, with concerns primarily surrounding changing regulations and continued uncertainty.
GC Risk Index: GCs report heightened risks
A new survey of general counsel, chief compliance officers and audit leaders finds business risk on the rise in the third quarter, amid turbulent regulatory environment and tariff impact.
AI risk perceptions among governance leaders
It all makes a recent episode of the Corporate Director Podcast particularly timely. We talked to Beena Ammanath, Global Head of the Deloitte AI Institute and a faculty member for Diligent’s AI Ethics and Board Oversight Program.
