Every January, the crystal ball comes out. Risk professionals try to predict what will dominate the risk landscape in the coming year. History shows we rarely get it right; the future has a habit of surprising us, especially with emerging risks. But there’s wisdom in asking the crowd – not because it guarantees accuracy, but because it reveals what organisations believe will matter most. Those beliefs shape priorities, investments and resilience strategies.
Emerging risk discussions often gravitate towards the unknown – the shiny new threat. But truly “new” risks are rare. The International Risk Governance Council defines emerging risks as: “a risk that is new, or a familiar risk in a new or unfamiliar context or under new conditions (re‑emerging).”
That second part matters. Re‑emerging risks are where the real work lies. For 2026, looking inward – re‑examining known risks under new conditions – will deliver insights that matter now. It will also equip organisations to spot genuinely new risks early and respond effectively.
When we asked respondents in WTW’s 2024 Emerging and Interconnected Risks Survey to look ahead two years – to 2026 – the top three drivers of emerging risk were clear: cyber, strategic performance and geopolitical risk. None of these are strangers to the risk register. They’re familiar risks under new conditions – re‑emerging risks that demand fresh thinking. We share what people chose and why so you can challenge your assumptions.
And then there’s a fourth dimension, one we believe most have overlooked: the interconnectivity of these risks. It’s not just what’s on the list, but how these risks collide and cascade that will challenge assumptions in 2026.
01
Cyber first appeared in the Word Economic Forum’s Global Risk Report 2012.[1] The term may be the same, but it would be incorrect to say the risk is the same. Perhaps unsurprisingly, many of the responses for why cyber ranked highest on the respondents’ ranking was from experience. In this case experience hasn’t given companies knowledge to prevent all future risks, but rather the knowledge that this known risk is changing far too rapidly to get comfortable. Survey responses found cyber risk spanning topics in: AI, cyber-attacks, geopolitical risks, operational disruption, and resourcing. When was the last time you reviewed what your “cyber” risk entails? Does AI fall within your cyber risk?
02
The risk landscape is increasingly crowded, challenging the strategic maps of even the most robust managers. Survey responses for the sources of these risks came from an increasingly long list of “exogenous factors:”[2] public perceptions, shareholders, suppliers, clients, legislation. Leaders recognize that failure, or even the perception of failure, in any arena will affect confidence, triggering losses and weakening the business. What aspects of your business come under consideration when reviewing your strategic performance risk? What does the spread of your stakeholders look like and how are you communicating your risk strategy?
03
Increased globalization in supply chains and finance allows goods and capital to move quickly worldwide in times of cooperation, but it also introduces systemic risks like contagions during financial crises and economic instability in times of political unrest. Operating in a global marketplace means that geopolitical tensions are now an everyday risk to most companies. Companies face higher costs, delays and must diversify supply chains further. How up to date are your geopolitical risk considerations? What aspects of the business fall into these considerations?
04
The risks of from cyber, strategic performance, and geopolitical categories each in isolation can significantly impact companies. But have you considered the impact of the interconnectivity of these risks? Not only did they appear in the top 3 of emerging risks, but they were some of the most highly connected emerging risks found in our survey. The difficulty of modelling cascading and interconnected risks often leaves business with an incomplete view of risk. By reviewing your known risks through a re-emerging lens of interconnectivity, the risk narratives become richer and provide a way to challenge missing connections and bring unseen or unappreciated risk dependences to the surface. Do your risk rankings consider the interconnectivity dimension to your risks?
2026 will not be about chasing novelty. It will be about challenging what we think we know. Cyber, strategic performance, and geopolitical risk are not static – they’re shape‑shifting under pressure. And their interconnectivity is the wildcard most have missed. The question is: will your risk process keep pace? Revisit the four actions we shared last year – they have never been more important.
