Governance Surveys
Directorship Magazine
Online Exclusive
Navigating a New Era of Risk: A Playbook for Directors
As the global risk landscape evolves at an unprecedented pace, directors can navigate threats by refining governance routines to build resilience and value.
Aon’s 2025 Global Risk Management Survey pinpoints a challenge for directors: The volume and velocity of global risks have never been higher, yet board agendas can’t expand indefinitely.
The solution is not for directors to predict every potential disruption; it is to reshape governance and capital decisions so that the organizations they serve can absorb shocks and seize opportunity in the process.
What the Results Say
The survey captures responses from nearly 3,000 corporate leaders across 63 countries. The top current risks look familiar: cyberattacks, business interruption, economic slowdown, regulatory change, and supply chain failures. However, what is new is their convergence. Technology, trade, weather, and workforce issues now collide to produce compounding effects.
Geopolitical volatility has jumped almost 30 places in the ranking of current risks since 2019, while climate risk entered the top 10 future threats for the first time. Artificial intelligence joined that list, too, underscoring how the next wave of disruption will stem from inside the enterprise, in addition to outside it.
| Top 10 Current Risks | Compared to 2023 | Top 10 Future Risks | Compared to 2023 | |||
| 1 | Cyberattack or data breach | — | 1 | Cyberattack or data breach | — | |
| 2 | Business interruption | — | 2 | Economic slowdown or slow recovery | — | |
| 3 | Economic slowdown or slow recovery | — | 3 | Increasing competition | 4 ↑ | |
| 4 | Regulatory or legislative changes | 1 ↑ | 4 | Commodity price risk or scarcity of materials | 1 ↓ | |
| 5 | Increasing competition | 5 ↑ | 5 | Geopolitical volatility | 9 ↑ | |
| 6 | Commodity price risk or scarcity of materials | 1 ↑ | 6 | Regulatory or legislative changes | 1 ↓ | |
| 7 | Supply chain or distribution failure | 1 ↓ | 7 | Business interruption | 1 ↓ | |
| 8 | Damage to reputation or brand | — | 8 | Artificial intelligence | 9 ↑ | |
| 9 | Geopolitical volatility | 12 ↑ | 9 | Climate change | 3 ↑ | |
| 10 | Cash flow or liquidity risk | 1 ↑ | 10 | Cash flow or liquidity risk | — |
Source: Aon 2025 Global Risk Management Survey
Behind those rankings lies a sobering reality. Only 14 percent of companies involved with the survey quantify their exposure to top risks and just 19 percent use analytics to measure the value of risk financing.
What Resilient Organizations Do Differently
The survey results reveal a divide between companies that monitor risk and those that create value from it. The most resilient organizations share four characteristics: strategic risk maturity, an understanding of risk as a value driver, an integrated approach across functions, and forward-looking analytics.
Asking management to quantify, correlate, and allocate all types of current and future risk can transform risk management from a defensive exercise into a competitive advantage. Resilient organizations use risk data to inform capital allocation, link controls to growth strategy, and treat the risk function as an advisor, rather than a reporting line.
Three Risk Clusters to Keep Front and Center
Aon’s 2025 Global Risk Management Survey reveals how organizations are responding to current and pressing threats, particularly as traditionally overseen risks converge with emerging trends.
Cybersecurity and AI
Cybersecurity remains the top global risk for the third consecutive survey, with reported incidents up 22 percent. Generative AI has expanded the attack surface and introduced new ethical and operational vulnerabilities.
Boards should ask management to conduct cyber-risk assessments, maintain a registry of critical AI applications, and stress-test incident response and recovery plans.
Geopolitical Volatility and Supply Chains
Geopolitical risk has entered the top-10 risk list (current and future) for the first time and is one of the least-insured exposures globally. Disruptions now ripple through physical, financial, and digital channels simultaneously.
Boards should request a clear view of organizations’ single points of supply chain failure, including both suppliers and regions, and how long it would take to recover from a material outage. Then, they should help build these considerations into company strategy.
Workforce and Health-Care Costs
Absenteeism, injuries, and rising health-care costs are among the top causes of financial loss, yet “failure to attract or retain talent” ranks 11 overall for current risks. The data suggest that workforce risk may be misunderstood by some companies.
Directors should request workforce analytics that link talent gaps, health-care costs, and attrition directly to margins and growth. When treated as an investment with measurable return, the workforce becomes a source of value, rather than risk.
A Practical Governance Agenda
Given the growing number of risks and finite director time, boards need to focus less on expanding the risk register and more on refining governance routines. Strategies to do so include the following:
- Integrate risk updates into financial reporting cycles, not just annual reviews.
- Conduct dedicated, recurring sessions on top risks (e.g., one session focused on cybersecurity and AI, another focused on geopolitical or supply chain stress).
- Receive and review reports from management that contain a targeted set of resilience metrics quarterly (e.g., cybersecurity incident detection and response time, critical supplier concentration, attrition in key roles). These metrics should be tied to material risks that can impact the company.
- Ensure insurance and talent retention strategies are tied to quantifiable risk appetite. Where necessary, explore insurance policies that protect the company from a loss of intellectual capital. "'Major Risk Factor: Loss of Key Executives' [is] a common listing in Form 10-K statements but often not properly addressed. Key person insurance is a relatively inexpensive insurance solution that helps reduce new threats to businesses relying on the intellectual capital of key executives," said Dan Krekeler, senior vice president with Aon's executive benefits practice.
These steps are not about adding bureaucracy but instead are about creating an enterprise muscle memory for rapid, data-driven decision-making when shocks occur.
From Defense to Differentiation
Aon’s 2025 Global Risk Management Survey makes clear that the companies most likely to thrive are those that treat risk as a lens for setting strategy, not a constraint on it.
As such, directors should consider reframing oversight around three questions:
- How might each major risk impact the company’s cash flow and volatility profile?
- What evidence does the firm have that its “resilience investments” deliver measurable returns?
- Are financial, human, and reputational capital allocated where they will reduce the long-term risk profile of the company and allow for sustainable performance?
Resilience is not a new board duty, but it is a new competitive frontier. In a market where systemic risks can erase years of value creation overnight, boards that quantify and connect those risks can help the organizations they serve do more than withstand disruption; they can use this to lead.
The views expressed in this article are the authors’ own and do not represent the perspective of NACD.
Aon is a NACD partner, providing directors with critical and timely information, and perspectives. Aon is a financial supporter of the NACD.
Jeff Barbieri is a director on Aon’s board and executive advisory team. He is responsible for advising companies on identifying, understanding, analyzing, and addressing environmental, social, and governance risks and opportunities within their businesses.
Dan Krekeler is a senior vice president with Aon’s executive benefits practice. In this role, he consults corporations and high net-worth individuals regarding the most cost-effective implementation strategies for executive risk and benefit solutions.
Katie Hill is a director with Aon’s talent solutions team. She provides strategic consulting to boards and executive leadership teams on the design, implementation, and execution of people-related initiatives.