New Report: Economy, Cyber Threats and Talent Dominate List of Critical Risks for Boards and Executives

Media Contacts:

Prosek Partners
Pro-protiviti@prosek.com 

Suzanne Stanard
NC State University
sjstanar@ncsu.edu

MENLO PARK, Calif., (February 13, 2025) — Above all other concerns, the economy remains the number one risk keeping global business leaders up at night, according to a new survey from Protiviti and North Carolina State University’s Enterprise Risk Management (ERM) Initiative. The survey measures the most pressing business risks over the next 2-3 years, as well as a decade later. Economic uncertainty and volatility are expected to persist as leaders grapple with inflation, tariffs, geopolitical upheaval, growth in AI and other emerging technologies, and upcoming policy changes from new administrations globally.

The 13th annual survey, “Executive Perspectives on Top Near- and Long-Term Risks,” polled 1,215 board members and C-suite executives around the world about their views on 32 macroeconomic, strategic and operational risks facing their companies over the near term (two to three years ahead) and the long term (a decade later). In today’s interconnected risk landscape, business leaders face complex uncertainties but feel better prepared to operate in a volatile environment and keep pace with change.  

Top 10 Global Risks (over the next 2–3 years)

1. Economic conditions, including inflationary pressures
2. Cyber threats
3. Ability to attract, develop and retain top talent, manage shifts in labor expectations and address succession challenges
4. Talent and labor availability
5. Increases in labor costs
6. Heightened regulatory change, uncertainty and scrutiny
7. Third-party risks
8. Rapid speed of disruptive innovations enabled by new and emerging technologies and/or other market forces
9. Adoption of AI and other emerging technologies requiring new skills in short supply
10. Emergence of new risks from implementing artificial intelligence

A notable change in the results is that board members and executives generally feel more positive about their organization’s resilience, agility and preparedness to deal with crises or changes in the market. Resistance to change was ranked as the fourth biggest risk for companies in 2023 and has fallen to 17th place for this year’s survey, indicating that companies have established more agile business models and frameworks for identifying and responding to the unexpected.

“Despite the volatile economic environment with deglobalization, tariffs and the threat of trade wars, and changing regulation , leaders are feeling more confident that their organizations are battle-tested and better prepared to deal with disruption whether it’s anticipated or not,” said Matt Moore, global leader of risk & compliance, at Protiviti. “Global leaders will need to tap into this confidence to adapt to evolving policies in the U.S. and abroad.”

Talent Risks Remain High: AI Risks Permeate Everything

Following the hype that surrounded all things AI in the last few years, it’s now clear that the risks AI poses are embedded in several of the other top 10 risks. This is especially true when looking at the talent related risks. As AI technology evolves to agentic and physical AI, this will require widespread reskilling and upskilling, so workforces are prepared to meet the demands of the future.

It’s Not “If” But “When” For Cyber Attacks

Boards and C-suite leaders ranked cyber threats as the second most concerning risk over the next two to three years, outranked only by the economy. Cyber threats also represent the most-cited long-term operational risk for executives, with 31% selecting it among their two most concerning operational risk issues for the next decade.

“The widespread impacts of a breach permeate an entire company, resulting in financial loss, reputational damage, legal consequences, operational disruption and theft of sensitive data, among others. It’s imperative that CISOs keep an open line of communication with the C-suite and Board to maintain a working understanding of their cyber risk profile and have concrete plans on how they will mitigate rising third-party risks and potential nation-state cyberattacks,” said Andy Retrum, global leader, technology risk & resilience, Protiviti.

The Road Ahead: Top Risks for 2035

The study asked respondents to rank their top two risks a decade out across three risk categories:

Macroeconomic risk outlook:

1. Economic conditions, including inflationary pressures
2. Talent and labor availability

Strategic risk outlook:

1. Heightened regulatory change, uncertainty and scrutiny
2. Rapid speed of disruptive innovations enabled by new and emerging
   technologies and/or other market forces

Operational risk outlook:

1. Cyber threats
2. Ability to attract, develop and retain top talent, manage shifts in labor
   expectations and address succession challenges

Many of the near-term risks continue to show up in the long-term assessment – the economy, talent and cyber remain center stage. While leaders may be confident about their ability to deal with change, it’s clear that the impacts of today’s risks are expected to persist into the next decade.

It is not just the top risks, but those a little further down the list that give insight into the risks on the rise for the next decade. Just over one-fifth (22%) of global executives ranked geopolitical shifts as one of their top two macroeconomic risk over the long term. Customer loyalty (22%) and supply chain (16%) were also on the minds of survey respondents, with a sizeable number of respondents selecting them as one of their top two operational and strategic risks respectively.

Mark Beasley, professor of Enterprise Risk Management, director of North Carolina State’s ERM Initiative and co-author of the report, said: “The best companies will see these risks as inherently interconnected. Too often, companies are looking at risks in silos where one hand isn’t consistently talking to the other. To address the future impacts of AI, geopolitical events
and regulation, executives will need effective collaboration to strengthen their organization’s resilience.”

Resources Available

The “Executive Perspectives on Top Near-Term Risks and Long-Term Risks” report from Protiviti and North Carolina State University’s ERM Initiative provides detailed results and analysis broken out across executive positions and industry groups.

A webinar will be held Tuesday, Feb. 25 at 1 p.m. ET, where panelists will share key takeaways from the survey, explore the interconnected nature of emerging risks and their strategic implications. Panelists include Carrie McNish, managing director, people & change, Protiviti; Constantine Boyadjiev, risk & compliance analytics global leader, Protiviti; and Ryan McCarthy, senior director, security & privacy, Protiviti.

About Protiviti

Protiviti is a global consulting firm that delivers deep expertise, objective insights, a tailored approach and unparalleled collaboration to help leaders confidently face the future. Protiviti and its independent and locally owned member firms provide clients with consulting and managed solutions in finance, technology, operations, data, digital, legal, HR, risk and internal audit through a network of more than 90 offices in over 25 countries. Named to the Fortune 100 Best Companies to Work For ®  list for the 10th consecutive year, Protiviti has served more than 80% of Fortune 100 and nearly 80 percent of Fortune 500 companies. The firm also works with government agencies and smaller, growing companies, including those looking to go public. Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI).

About the Enterprise Risk Management (ERM) Initiative

The Enterprise Risk Management (ERM) Initiative in the Poole College of Management at North Carolina State University provides thought leadership about ERM practices and their integration with strategy and corporate governance. Faculty in the ERM Initiative frequently work with boards of directors and senior management teams helping them link ERM to strategy and governance, host executive workshops and educational training sessions, and issue research and thought papers on practical approaches to implementing more effective risk oversight techniques.