The results of BDO's Global Risk Landscape 2025 study, which involved 500 business leaders from around the world, show that organizations are responding to complex environments primarily with caution - but often at the expense of growth, innovation and strategic outlook.
The current study shows that most companies today are choosing caution over growth. However, in times of persistent uncertainty, known as permacrisis, this passive approach to risk management is leading to stagnation.
Many organisations are resorting to simply meeting regulatory requirements - the so-called 'compliance regime' - rather than seeing risk as a strategic area. In an environment of continuous crisis, however, this approach is becoming an impediment to development. The consequence is not only higher costs but also the overlooking of potential opportunities. Three-quarters of leaders agree that a proactive approach to risk and embedding it firmly in the organisational culture is the key to success.
The study shows that those who wait for things to calm down will not succeed in 2025. Those who can anticipate, manage and use risk to their advantage will succeed.
84% of executives describe the current environment as one of sustained crisis. Yet only 7% of companies say their approach to risk management is "very proactive" - a significant drop from 29% in 2023.
This trend is problematic: being too cautious can lead to paralysed decision-making, reduced investment and weakened competitiveness.
"The goal is not to anticipate every shock, but to be ready to react. The more you wait, the more you lose opportunities."
2. Compliance approach dominates at the expense of real strategy
A growing number of companies today see risk management primarily as a regulatory compliance issue, rather than viewing it as a strategic challenge and a tool for shaping the future.
3. The biggest risks in 2025: people, supply chains and regulation
Year-on-year changes in risk perceptions confirm that companies are beginning to worry about new factors:
Risks associated with people and talent saw the most significant increase, rising in importance from 12% to 28%, moving from 12th to a shared 2nd place in the priority ranking. Companies are facing a shortage of skilled professionals, the impact of AI on the knowledge base of organisations, and experienced employees leaving without adequate replacements.
4. Cyber threats: more pressure but less systematic approach
Cybercrime remains a major risk, but in many companies a 'checklist' approach is taking precedence over building cyber resilience in a systematic way.
"While technical attacks will catch the tools, employees remain the most common point of failure."
5. AI: a technology with two faces
Attitudes towards AI are changing - most companies see AI as an opportunity (45%). Yet many organisations are not addressing risks in a sufficiently structured way.
But without a robust framework, AI can:
6. Supply chains: time for "flexsourcing"
Tensions in global trade are forcing companies to rethink their dependence on a single source - the concept of "flexsourcing" is emerging, a combination of nearshoring, friendshoring and an agile approach to sourcing.
Firms are mostly stepping up:
Autor: Ondřej Šnejdar
"Risks don't have to be a bogeyman. They are there and always will be... And if you learn to work with them properly, they will open the way to more decisive and smarter actions..."
You can download the full study HERE.
The current study shows that most companies today are choosing caution over growth. However, in times of persistent uncertainty, known as permacrisis, this passive approach to risk management is leading to stagnation.
Many organisations are resorting to simply meeting regulatory requirements - the so-called 'compliance regime' - rather than seeing risk as a strategic area. In an environment of continuous crisis, however, this approach is becoming an impediment to development. The consequence is not only higher costs but also the overlooking of potential opportunities. Three-quarters of leaders agree that a proactive approach to risk and embedding it firmly in the organisational culture is the key to success.
The study shows that those who wait for things to calm down will not succeed in 2025. Those who can anticipate, manage and use risk to their advantage will succeed.
What do the results of the study show us?
1. The era of permacrisis and the risk management crisis84% of executives describe the current environment as one of sustained crisis. Yet only 7% of companies say their approach to risk management is "very proactive" - a significant drop from 29% in 2023.
This trend is problematic: being too cautious can lead to paralysed decision-making, reduced investment and weakened competitiveness.
"The goal is not to anticipate every shock, but to be ready to react. The more you wait, the more you lose opportunities."
2. Compliance approach dominates at the expense of real strategy
A growing number of companies today see risk management primarily as a regulatory compliance issue, rather than viewing it as a strategic challenge and a tool for shaping the future.
- Compared to last year, the number of companies actively avoiding risk has increased significantly - now 69%,
- 60% of CEOs admit that a compliance approach leads to "excessive costs",
- In contrast, Chief Risk Officers are most critical of the low adaptability to new risks and the lack of use of monitoring technologies.
3. The biggest risks in 2025: people, supply chains and regulation
Year-on-year changes in risk perceptions confirm that companies are beginning to worry about new factors:
| Risk | 2024 | 2025 | Shift |
| Regulatory burden | 37 % | 35 % | = |
| Supply chain | 31 % | 28 % | = |
| People and talent | 12 % | 28 % | ↑ 10 places |
| Geopolitical tensions | 26 % | 25 % | = |
| Environmental risks | 15 % | 24 % | ↑ |
| Cybercrime | 24 % | 23 % | ↓ |
Risks associated with people and talent saw the most significant increase, rising in importance from 12% to 28%, moving from 12th to a shared 2nd place in the priority ranking. Companies are facing a shortage of skilled professionals, the impact of AI on the knowledge base of organisations, and experienced employees leaving without adequate replacements.
4. Cyber threats: more pressure but less systematic approach
Cybercrime remains a major risk, but in many companies a 'checklist' approach is taking precedence over building cyber resilience in a systematic way.
- 25% of CEOs cite cyber threats as a top 3 risk
- The most vulnerable sectors are: professional services (41%), TMT (40%), private equity (36%)
- AI enables new types of attacks - especially social engineering and deepfakes
"While technical attacks will catch the tools, employees remain the most common point of failure."
5. AI: a technology with two faces
Attitudes towards AI are changing - most companies see AI as an opportunity (45%). Yet many organisations are not addressing risks in a sufficiently structured way.
- 62% are concerned about the increase in privacy risks
- AI is seen as a key tool in areas such as cybersecurity, compliance monitoring or predictive planning
- Only 31% believe AI can help with risk detection and fraud prevention
But without a robust framework, AI can:
- erode trust (reputational risk)
- destroy institutionalised know-how
- lead to over-automation and weakening of human judgement
6. Supply chains: time for "flexsourcing"
Tensions in global trade are forcing companies to rethink their dependence on a single source - the concept of "flexsourcing" is emerging, a combination of nearshoring, friendshoring and an agile approach to sourcing.
Firms are mostly stepping up:
- physical chain: more rigorous due diligence, diversification of suppliers
- digital chain: supplier audits, monitoring, strengthening data flows
What do we recommend to companies?
- Incorporate risk thinking into company culture - 74% of leaders see this as a key step to long-term success
- Strengthen collaboration across teams, implement real-time monitoring and build modern risk management frameworks that respond to the changing environment
- Extend the existing 'compliance first' approach and start actively using risk as a source of information, inspiration and growth
Autor: Ondřej Šnejdar
"Risks don't have to be a bogeyman. They are there and always will be... And if you learn to work with them properly, they will open the way to more decisive and smarter actions..."
You can download the full study HERE.