Cyber risk continues to dominate global business concerns, with AI rising quickly alongside it. According to a new risk survey from Allianz, both are influencing how organizations plan for disruption, resilience, and recovery across regions and industries.
Cyber incidents stay on top
Cyber incidents hold the highest ranking for the fifth consecutive year. Risk professionals describe a threat environment defined by ransomware, data theft, service outages, and regulatory exposure. These events affect revenue, trust, and operational continuity.
Cyber risk ranks first across regions and company sizes. This reflects shared exposure among industries that depend on digital infrastructure, cloud platforms, and external service providers. Companies with established security programs still report concern about the scale and speed of incidents.
Third party reliance plays a central role. Many companies depend on a small number of providers for cloud hosting, software platforms, and data processing. Participants in the survey link this concentration to business interruption scenarios that spread across connected environments.
Cyber and business interruption remain closely linked
Business interruption continues to rank among the top global risks, and respondents associate it closely with cyber incidents. Digital outages halt production, block payments, and disrupt customer service across locations.
Supply chains receive sustained attention. Industry risk leaders report limited confidence in the ability of supply networks to absorb shocks. Complex supplier relationships, just in time logistics, and shared digital systems increase disruption when failures occur.
Cyber incidents affecting one organization often extend into partner and customer environments. Firms experience delays, missed deliveries, and financial losses when a key supplier goes offline.
AI jumps into the spotlight
AI shows the largest shift in the rankings, moving into the top tier of risks. Those surveyed link AI to opportunity alongside operational, legal, and reputational exposure.
AI systems support decision making, automation, and customer interaction. Risk professionals cite concerns around system reliability, data quality, and accountability when automated outputs cause harm. These challenges increase as AI tools spread across business functions.
Many organizations report uneven AI adoption. Pilot projects and limited deployments remain common, with fewer enterprise wide rollouts. This leaves gaps in oversight and incident response readiness.
AI increases pressure on cyber defenses
The survey points to a strong connection between AI risk and cyber risk. Respondents describe AI as shaping both defensive capabilities and attacker behavior. Automation supports detection and response, and threat actors use similar tools to increase attack frequency.
AI driven systems expand the digital surface area organizations must defend. Errors or vulnerabilities in automated workflows can propagate quickly across systems, increasing the risk of cascading failures across business units.
Investment expectations reflect this overlap. Managing AI risk requires added security controls, monitoring, and governance structures. Security and risk teams see these demands adding strain to cybersecurity programs.
“Large companies’ investments in cybersecurity and resilience have been paying off, ensuring they can detect and respond to attacks early. However, cyber risk continues to evolve. Companies are increasingly reliant on third party providers for critical data and services, while AI is supercharging threats, increasing the attack surface and adding to existing vulnerabilities,” explains Michael Bruch, Global Head of Risk Consulting Advisory Services, Allianz Commercial.
Misinformation becomes a business issue
Advances in GenAI have increased attention on misinformation and disinformation risks. Respondents link synthetic media and automated messaging to harm involving brand trust, market stability, and political exposure.
These risks extend beyond communications teams. Coordinated misinformation campaigns can trigger regulatory scrutiny, customer churn, and internal disruption. Risk leaders describe these scenarios as difficult to detect early and challenging to contain once they spread.
The findings reflect growing awareness that information risk intersects with cybersecurity, legal oversight, and crisis management.
Skills and governance lag behind technology
Workforce readiness remains a key concern tied to AI adoption. Companies surveyed focus on training, reskilling, and role redesign to support new technologies. Risk professionals see these efforts as necessary to maintain control over automated systems.
Governance frameworks receive less attention. Respondents report slower progress in establishing oversight for ethical use, accountability, and compliance. This creates uncertainty when automated decisions lead to unintended outcomes.
AI governance and cyber resilience appear closely connected. Both require cross functional coordination, ownership, and tested response plans.