Skip to content

Top Risk Review H1 2026: Volatility becomes "the new normal" as interconnected risks test firms' resilience

POSTED BY
false
Top Risk Review H1 2026: Volatility becomes "the new normal" as interconnected risks test firms' resilience
4:54

Our latest Top Risk Review H1 suggests volatility has become the new normal for financial firms. While risk scores remain relatively stable, Business Continuity has entered the top five risks as threats of disruption remain prevalent. At the same time, firms are demonstrating resilience amid the pressures of AI adoption, geopolitical uncertainty and ongoing transformation.

Drawing on insights from more than 300 respondents – the largest response in the survey’s history – the Top Risk H1 Review reveals a risk landscape defined by sustained volatility, growing interconnectivity and increasing pressure on firms’ ability to manage change at pace.

While overall risk scores show signs of stabilising, with some risk materiality scores reflecting a modest decline, our findings suggest this reflects a growing familiarity with disruption rather than a reduction in underlying threats. Instead, firms are navigating a “new normal” where geopolitical shocks, rapid technology evolution and supply chain dependencies are closely intertwined, amplifying exposure across the risk profile.

The top four risks remain unchanged from 2022; Information Security (including Cyber), Third Party, Technology and Data Management, highlighting the continued impact of digital transformation and external pressures on financial services firms.

top risk h1 2026 pic

 

Figure 1: Average materiality scores of the top 5 risks in ranked order. (Based on the 16 Level 1 risks from the ORX Event Type Reference Taxonomy.) 

However, this latest report points to an important shift: Business Continuity has entered the top five risks, reflecting heightened concern around operational resilience in an increasingly complex and interconnected risk environment.

 

Figure 2: Changes to the top 5 risk rankings since our last review.

As in the H2 2025 Top Risk Report, survey respondents identified the growing challenge of managing risks that cut across traditional organisational boundaries e.g. cyber threats, third-party dependencies, data governance and technology transformation. Geopolitical instability continues to act as a key risk driver, with the recent escalation in West Asia (Middle East) reinforcing concerns about service disruption, supply chain fragility and broader economic uncertainty. Firms increasingly recognise that operational resilience requires co-ordinated oversight across risk, technology and third-party ecosystems.

The rapid adoption of AI is driving new vulnerabilities. A particular challenge unearthed in the report includes the impact of poor data and how data quality, governance and control are becoming critical for preventing unintended consequences. AI is also accelerating risks across cyber and fraud, enabling more sophisticated attack methods and lowering barriers for threat actors.

A significant finding from the report is the growing strain caused by multiple, concurrent transformation programmes. Regulatory change, technology modernisation, AI adoption and data remediation are all competing for limited resources, placing pressure on delivery and control effectiveness. Furthermore, People risk is identified as a critical, cross-cutting amplifier, with skills shortages, workforce changes and fatigue increasing the likelihood that other risks – particularly cyber and fraud – will worsen.

Despite the pressures, survey respondents report improved effectiveness in managing key risks, supported by a greater investment in tools, governance frameworks and data-driven capabilities. Respondents were asked to predict how risk scores might change over the next six months, with most expecting scores to decrease. Our findings suggest this growing confidence reflects not a reduction in risk, but a greater familiarity with operating in a volatile environment.

Steve Bishop, Research and Information Director at ORX, comments:

“Firms are adapting to a world where disruption and volatility are no longer exceptions, but the norm. While it’s encouraging to see growing confidence in risk management capabilities, what’s clear is that the biggest challenge for firms is understanding how risks interact.

“Risks like cyber, third party and technology are increasingly interconnected, cutting across functions and exposing gaps in traditional risk operating models. To stay ahead, firms need a more joined-up, enterprise-wide approach to risk and resilience, one that improves coordination, strengthens accountability and reflects the pace of change driven by AI, geopolitics and ongoing transformation.”

 


ORX members and ORX Lite subscribers can read the latest H1 2026 Top Risk Review to find out the entire risk rankings.