Despite stability across most top risks, our latest Top Risk Review H2 highlights a sharp escalation in fraud exposure driven by AI advancements and a volatile geopolitical environment. Both External Fraud and Internal Fraud have increased in materiality, signalling growing vulnerability to both external threat actors and insider risks.
The Top Risk Review H2 2025 shows that overall risk rankings have remained reasonably consistent since the H1 review in May this year; however, fraud-related risks are rising sharply. External Fraud has moved from sixth position into the top five risks, while Internal Fraud has seen a significant increase in materiality, making it one of the fastest-growing risks. The review attributes the rise in fraud exposure to socioeconomic pressures, continued geopolitical tensions and increasingly sophisticated fraud methods enabled and accelerated by AI. In the face of these challenges, employees are also becoming more vulnerable to external fraudsters who are actively seeking to recruit internal threat actors, making the boundary between Internal Fraud and External Fraud increasingly blurred.
Steve Bishop, ORX Research and Information Director, explains:
“Industries are navigating complex digital transformation journeys. As a result, they’re relying on third-party providers to deliver critical services. All of this is against the backdrop of an ever-more turbulent external environment. While the right external expertise does help speed up transformation, it does also create a further threat to manage.”
The geopolitical landscape acts as a driver across many risks, not just External Fraud. Survey responses indicate that although there is a sense of getting used to political unrest, recent developments (e.g. a high-profile assassination in the USA and drone sightings in Europe) are reinforcing a general sense of uncertainty. Increasingly, geopolitics is the thread that weaves risks together and makes them interconnected.
Perhaps less surprisingly, due to ongoing digital transformation and deeper embedding of AI to support business operations across sectors, the top four risks are consistent with Top Risk Review H1: Information Security (including Cyber), Third Party, Technology and Data Management.

Figure 1: Changes to risk rankings since our last review
When comparing year on year, scores paint a picture of progressive turbulence as even the usually stable bottom four risks - Internal Fraud, Legal, Statutory Reporting & Tax, Physical Security & Safety - have seen particularly high percentage increases.
Like External Fraud, Business Continuity has moved up a place since H1, and up two rankings year on year. Survey respondents recognise that strengthening operational resilience must extend beyond business continuity management, in response to complex digital infrastructures, disruptive cyber attacks, physical climate events and geopolitically motivated attacks.
For the first time, survey participants were asked to predict their scores for each risk in six months’ time. The results were surprisingly optimistic, with almost all average predictions lower than current scores. Tools investment, tighter governance to improve oversight, maturing third-party risk programmes and new initiatives to drive a more unified approach to risk management are some of the tactics risk managers plan to deploy. However, as many participants also expected the environment to remain volatile, it remains to be seen whether this predicted reduction in scores will happen.
Steve Bishop, ORX Research and Information Director, concludes:
“Survey participants acknowledged the important role risk management plays in enabling safe, coordinated and effective change management at pace in a world of increasingly interconnected risks.”
ORX members and ORX Lite subscribers can read the latest H2 2025 Top Risk Review to see the full risk rankings.