BDO’s Global Risk Landscape 2026 report found that cyber risk had jumped as organisations struggle to keep pace with the scale and speed of digital and AI‑driven change.

The research, based on a survey of 500 global C‑suite executives, found that while cyber spending continues to increase, traditional approaches are failing to keep up with increasingly sophisticated threats – particularly as cyber teams are often brought into transformation programmes too late.

The report also found that:

• Crisis is the new normal: 80 per cent say the global risk landscape is more defined by crisis than ever before, and 68 per cent say the speed at which crises are impacting their organisations is increasing (up from 54 per cent a year ago).
• Risk management is becoming less proactive: only nine per cent describe their risk management as “very proactive”, down from 19 per cent in 2025.
  AI optimism is increasing, but governance gaps remain – 66 per cent view AI as an opportunity (up from 57 per cent in 2025), while concerns persist around data privacy, compliance and integration.
• Geopolitics is acting as a “risk multiplier” – increasing exposure across supply chains, cyber and regulation; business leaders rank geopolitical risk as a top-three risk that they feel unprepared for this year (25 per cent).
• Fraud is falling down the agenda despite AI-enabled threats: 93 per cent don’t rank fraud as a top risk, and just 13 per cent are actively monitoring and updating defences against AI-enabled fraud, down from 79 per cent of business leaders who said they had a plan in place to defend against AI-driven fraud last year. This is despite a surge in the overall value of UK reported fraud and economic crime which reached £5.5bn in 2025, according to the BDO’s latest FraudTrack report.

Alisa Voznaya, partner and head of risk consulting at BDO UK, said: “Cyber is no longer just a technology issue – it’s a business survival issue. Organisations are transforming faster than their cyber strategies are evolving, which is creating dangerous gaps in resilience.

“If cyber is bolted on at the end, rather than built in from the start, businesses are effectively playing catch‑up with increasingly well‑resourced attackers.

“More broadly, what we’re seeing is risk coming from everywhere at once – geopolitics, technology disruption, economic volatility – and the interaction of these threats can overwhelm businesses that manage risk in silos.”

Ms Voznaya continued: “In this environment, risk aversion can also be a risk in itself: delaying decisions, waiting for perfect information, or defaulting to blanket caution can mean missed opportunities, widening control gaps and reduced resilience when the next shock hits.

“The organisations that will come through stronger are the ones that treat risk management as a strategic capability, not a defensive function, and share ownership across leadership teams and functions.

“Businesses need clearer risk appetite and decision rights, stronger early‑warning indicators, and earlier cross‑functional involvement – particularly across finance, operations and technology – so risks are spotted sooner and acted on faster.”