Business executives are most worried about the risks from cybersecurity and third-party exposure, but see opportunities for growth in the next few years, according to a new survey.
The
The top near-term global risks cited by them include cyber threats, followed by third-party risk, emerging tech adoption and workforce upskilling, legacy IT and operational performance gaps, and economic conditions and inflation. The top investment priorities over the next two to three years include cybersecurity, followed by business process improvement, infrastructure modernization, data privacy and customer experience.
"This year, business leaders are ready to act amid disruption and ready to embrace innovation, strategic partnerships and long-term vision to drive transformation and realize growth opportunities," said Joe Kornik, senior director of editorial programs at Protiviti, during a panel discussion he moderated. "Opportunities and risk are interdependent forces that are working together, and I think business leaders who recognize that will be a little bit more strategically ready to face 2026 and beyond. But business leaders are not really out to avoid those risks. They're leveraging them to drive innovation and growth. Certainty is the only uncertainty. That's one of the things that has come out of the survey. Business leaders have shifted from caution to confident action, and the biggest risk in our mind is just not doing anything. The biggest risk organizations face is just being stagnant."
The survey asked the business leaders about 28 different kinds of risk divided across three dimensions, focusing on macroeconomic, operational and strategic issues.
"The idea of risk and opportunity go together, and so in this particular year's edition, we've also asked a number of questions that get at what the executives see on their minds as it relates to opportunities for growth, looking at areas of growth and where they see their priorities are going to be," said Mark Beasley, professor and director of NC State's ERM Initiative. "Building on that, we asked them specifically to give us some ideas of what some of their strategic investment priorities are, what they are going to be investing in, and then particularly diving into how AI plays a role in that."
Cybersecurity has become a major concern for many organizations and their chief information security officers, the survey found, especially with the proliferation of generative AI technology making it easier for cybercriminals to carry out cyberattacks, ransomware attacks, deepfakes and phishing schemes.
"Traditionally, cybersecurity, being more of a technology concern or issue, has shifted to become much more of a business imperative," said Sameer Ansari, global CISO solutions leader at Protiviti. "There's a few different forces at play there. You have board members that sit on boards of multiple companies. They're seeing what's happening in other organizations in which they're providing direction and understanding what that cyber threats can do. You have executives seeing what's happening with their peers in terms of some of these cyber threats."
He cited the rise of ransomware, supply chain attacks and other breaches, causing them to look internally at how exposed their organizations are and what kind of issues they face. "As individuals do business with companies, they expect that their data, their financials, are going to be protected," he added.
The study found that about one-third of leaders are prioritizing risks related to data for AI use and cybersecurity exposures, Kornik noted. In terms of the most significant AI implementation concerns, nearly one-third (31%) of the leaders polled are focusing on data integrity and cybersecurity exposure tied to AI, while a similar share (31%) is actively integrating AI into operations
"Today, they're just moving out of the proof of concepts and trying to figure out where's the best fit for AI within their firms, and they are having to measure and manage the risks in different ways," said Kim Bozzella, global CIO solutions and technology leader at Protiviti. "We're seeing greater operational risks inherent with AI."
Among those risks are AI bias and model degradation. Trust needs to be built and maintained within both internal and external teams at an organization, as well as third parties in terms of quality assurance. "Obviously, AI is not always correct," Bozzella added. "You need to build the QA functions and all the capabilities to make sure that you have heavy oversight processes in AI."
The long-term strategic priorities favored by the survey respondents include customer focus and competitive edge; security and privacy; AI deployment; market resilience and talent strategy.
Accounting Today asked about the talent challenges from the changes in immigration policies this past year with increased deportations and changes in the H-1B visa program.
"I think it impacts the supply for sure," said Fran Maxwell, global CHRO solutions and people and change leader at Protiviti "When you take away a population they're no longer able to pull from, I think that absolutely impacts their ability to hire."
"From a macro standpoint, absolutely there is an accounting identity for GDP growth, and that is labor force growth plus productivity," said Julia Coronado, president and founder of MacroPolicy Perspectives. "Both of those can be impacted by these immigration policies. If you don't have a workforce, you can't grow, and if you can't bring in the talent you need, then you can't achieve productivity gains, so it's a major, major challenge from a macro standpoint."
