Risk is everywhere
Risk is everywhere
Why risk is becoming part of the day-to-day management of companies and why inaction can be a bigger problem than the threat itself
What are the impacts of growing cyber risks, geopolitical uncertainty and the rapid development of artificial intelligence on companies
Why organizations that can make informed decisions even in an environment of high uncertainty will gain a competitive advantage
In June, the results of this year's BDO Global Risk Landscape 2026 study were published. Its main message is quite clear: Risk is no longer a separate discipline managed by a narrow team of experts. Risk is everywhere – in strategy, technology, supply chains, regulation, geopolitics and the day-to-day decision-making of companies.
This year's study shows a fundamental shift. Companies are increasingly aware that being too cautious can be a risk in itself. In an environment where crises are accelerating and uncertainty is becoming the new normal, it is not enough just to protect existing business. Organizations that can make well-thought-out decisions even without perfect information will have a competitive advantage.
What are the most important findings?
1. Risk is no longer just a specialist's agendaToday, risk arises across the entire company – in technology, supply chains, regulation, finance, and everyday decision-making.
89% of companies already take into account how individual risks affect each other when assessing threats. Yet many organizations still manage risk separately by team.
2. Inaction is a risk in itself today
Companies can no longer wait for the environment to calm down. Uncertainty has become a normal part of business.
80% of leaders say that the global environment is more affected by crises than ever before. At the same time, 68% say that crises are hitting their companies faster than in the past.
3. Companies want to take risks more cautiously, but also smarter
It's not about greater courage at any cost. It is about the ability to distinguish which risks to take and which to actively limit.
The proportion of companies willing to take risks when necessary has risen from 26% to 36%. At the same time, only 9% of companies describe their risk management as very proactive.
4. Cyber risk is back in first
place Cyber threats are growing faster than companies' ability to defend against them.
40% of leaders cite cybersecurity as the main risk they are not prepared for. Last year it was 23%. This means an increase of 17% points.
5. Security gets into projects too late
Cybersecurity often comes only when the crucial decisions are already made.
Only 10% of cyber teams are involved at the initial idea stage. 26% are involved only at the implementation stage and 6% even just before launch.
6. Geopolitics amplifies all other risks
Geopolitics is no longer a stand-alone threat. It affects suppliers, regulation, data, customs, technology, and cybersecurity.
Geopolitical risk is one of the three most significant risks for which companies do not feel prepared. However, different members of the management see its impacts differently: some deal with supply chains, others with regulation or cyberattacks.
7. Artificial intelligence brings opportunity, but also greater demands on management
Companies are more optimistic about artificial intelligence. But this does not make the risks disappear. Rather, they are moving into the realm of data, accountability, and control.
66% of companies see the development of artificial intelligence as an opportunity. Last year, it was 57%. At the same time, 27% of companies cite artificial intelligence as a new risk for which they are not prepared.
8. The biggest risks of artificial intelligence are not only technical
Companies are most concerned about the impact on data privacy, compliance and cybersecurity.
The top five risks of AI include: data protection, regulatory compliance, cybersecurity, complex integration, and inaccurate outputs.
9. Fraud is disappearing from the attention of management – and this can be a problem
The risk of fraud is not decreasing. It is just often hidden under cyber risks, artificial intelligence or digital security.
93% of leaders do not consider fraud to be one of the main risks they are not prepared for. At the same time, technologies, including artificial intelligence and deepfake tools, allow fraud to scale faster.
10. Fraud defense is lagging behind technology developments
Businesses know that AI is changing the face of fraud. Yet few of them are actively adjusting their defenses.
Last year, 79% of leaders said they had a plan in place to defend against AI fraud.
This year, only 13% are actively monitoring and updating defenses against these threats.
11. Companies do not lack data, but the ability to distinguish what is important
Risk signals are increasing. The problem is to know which ones require a real response.
52% of companies have trouble distinguishing important warning signs from ordinary noise.55% say that short-term operational pressures often crowd out long-term risk planning.
12. Risk management must become a tool for growth
Well-managed risk does not hold a company back. It helps her make decisions faster, more confidently and with greater resilience.
99% of organizations plan to improve risk management in the next three years. But the real difference will be made by those companies that combine strategy, operations, technology, finance, and leadership into a single decision-making framework.
What stands out most strongly from the results of this year's study is the need to change the view of risk. Not as a brake, control or duty, but as part of good company management. Today, risk is as much a part of strategy as growth, innovation or investment.
Companies that are successful will not be the ones that can completely avoid risks. This is no longer realistic in today's environment. Those who understand them, can talk about them across management, and are able to make timely decisions – even if they don't have all the answers, will be more successful. Because in many situations, the biggest risk is no longer the threat itself, but a slow or fragmented response.