Cyber risk continues to dominate global business concerns, and AI is rapidly emerging along with it. Both are impacting how organizations plan for disruption, resilience and recovery across regions and industries, according to new risk research from Allianz.
Cyber incidents remain at the top
Cyber incidents have been at the top for the fifth year in a row. Risk experts describe a threat environment defined by ransomware, data theft, outages, and regulatory exposure. These events impact revenue, confidence, and business continuity.
Cyber risk ranks number one across regions and companies of all sizes. This reflects shared exposure across industries that rely on digital infrastructure, cloud platforms, and external service providers. Companies with established security programs continue to report concerns about the scale and velocity of incidents.
Trust in third parties plays a central role. Many companies rely on a small number of providers for cloud hosting, software platforms, and data processing. Study participants associate this concentration with business interruption scenarios that extend across connected environments.
Cyber and business interruption remain closely linked
Business interruption continues to rank at the top of global risks, with respondents closely associating it with cyber incidents. Digital outages halt production, block payments, and disrupt customer service across locations.
Supply chains continue to receive attention. Industry risk leaders report limited confidence in the ability of supply networks to absorb shocks. Complex supplier relationships, just-in-time logistics, and shared digital systems increase disruption when failures occur.
Cyber incidents that impact one organization often spread to partner and customer environments. When key suppliers go offline, companies experience delays, non-deliveries, and financial losses.
AI is in the spotlight
AI showed the biggest change in the rankings, coming in at the top of the list for risk. Those surveyed see AI as an opportunity, along with operational, legal, and reputational risks.
AI systems support decision-making, automation, and customer interaction. Risk experts cite concerns about system reliability, data quality, and accountability if automated output causes harm. These challenges will increase as AI tools spread across business functions.
Many organizations report uneven adoption of AI. Pilot projects and limited deployments will continue to be common, and enterprise-wide deployments will be less common. This leaves gaps in monitoring and incident response preparedness.
AI increases pressure on cyber defenses
The study points to a strong link between AI risk and cyber risk. Respondents explained that AI is shaping both defensive capabilities and attacker behavior. Automation supports detection and response, and attackers use similar tools to increase the frequency of attacks.
AI-driven systems expand the digital surface area that organizations must protect. Errors and vulnerabilities in automated workflows can quickly propagate throughout the system, increasing the risk of cascading failures across business units.
Investment expectations reflect this overlap. Managing AI risks requires additional security controls, oversight, and governance structures. Security and risk teams believe these demands are putting a strain on cybersecurity programs.
“Large enterprises’ investments in cybersecurity and resilience are paying off, allowing them to detect and respond to attacks earlier. However, cyber risks continue to evolve. Companies are increasingly reliant on third-party providers for critical data and services. “At the same time, AI is increasing the threat, expanding the attack surface and increasing existing vulnerabilities,” explains Michael Bruch, Global Head of Risk Consulting and Advisory Services at Allianz Commercial.
Misinformation becomes a business problem
Advances in GenAI have brought increased attention to the risks of misinformation and disinformation. Respondents associate synthetic media and automated messaging with harm related to brand trust, market stability, and political exposure.
These risks extend beyond the communications team. Coordinated disinformation campaigns can lead to regulatory scrutiny, customer churn, and internal disruption. Risk leaders say such scenarios are difficult to detect early and difficult to contain once they spread.
The findings reflect the growing recognition that information risk intersects with cybersecurity, legal oversight, and crisis management.
Skills and governance lag behind technology
Workforce readiness remains a key concern related to AI adoption. Companies surveyed are focused on training, reskilling, and role redesign to support new technologies. Risk experts believe these efforts are necessary to maintain control of automated systems.
Governance frameworks have received less attention. Respondents report delays in establishing oversight for ethical use, accountability, and compliance. This creates uncertainty when automated decision-making leads to unintended consequences.
AI governance and cyber resilience seem to go hand in hand. Both require cross-departmental coordination, ownership, and tested response plans.
