Enterprise risk leaders are heading into 2026 facing a more volatile world than ever before. Geopolitical instability, economic uncertainty, and regulatory pressure are reshaping how organizations operate. But one force is accelerating how all these risks surface and compound: AI.
According to ServiceNow’s 2026 Risk & Security Outlook, unpredictability and technology, particularly AI, have become the dominant drivers of enterprise-wide risk. They aren’t introducing entirely new threats. Instead, they’re accelerating the speed, scale, and interconnection of existing risks. As a result, even small failures can ripple quickly across systems, suppliers, and markets.
For our inaugural Risk & Security Outlook, we surveyed 1,000 senior executives across 11 industries worldwide. Nearly half of organizations (47%) report low to moderate confidence in their risk posture over the next 12 months—leaving them poorly positioned if risks intensify in 2026, as many executives expect.
“AI is collapsing the distance between risk and response,” says Ben de Bont, chief information security officer at ServiceNow. “When systems, identities, and workflows are deeply interconnected, disruption doesn’t stay contained; it cascades across the business at machine speed. That means leaders have less margin for error—and less time to respond.”
The nature of risk itself is changing, according to many of the leaders we surveyed. Over the last three years, technology and AI risks have risen sharply, making today’s global risk landscape more unpredictable, interconnected, and complex.
This shift reflects how deeply AI has become embedded across the enterprise—and how tightly those systems are connected to other partners, platforms, and third parties. In such dense ecosystems, disruptions rarely stay local.
“Enterprise-wide risks today are shaped less by isolated failures and more by hidden dependencies,” says Dave Wright, chief innovation officer at ServiceNow. “As organizations share data and workflows across platforms, partners, and third parties, a single disruption can expose vulnerabilities far beyond where it originated.”
Executives overwhelmingly expect AI to intensify cyber risk over the next 12 months. The sharpest increases are expected in phishing and social engineering, insider threats, and data/IP theft, as adversaries use AI to automate reconnaissance, personalize attacks, and exploit weaknesses at scale.
Concern is also rising around disinformation, cloud misconfigurations, and denial-of-service attacks, particularly in cloud and SaaS environments, where missteps can go undetected until damage is done.
These trends are especially pronounced in sectors such as healthcare, nonprofits, and life sciences. Financial services and technology organizations report higher confidence—but remain far from immune.
“As AI becomes embedded across the enterprise, risk management becomes a leadership discipline, not just a technical one,” de Bont says. “Visibility and governance determine whether organizations absorb disruption or amplify it.”
(Click here to read the full Q&A with ServiceNow CISO Ben de Bont report.)
More than 80% of organizations are using generative and agentic AI, often across core business and risk workflows. But adoption is outpacing confidence—and, in many cases, governance.
Across every major risk dimension, many executives report low to moderate confidence in their ability to manage the downsides of these systems. The biggest concerns cluster around biased or unfair outputs, loss of human oversight, and sustainability impact from the energy required to power AI workloads.
Additional concerns include model drift and unintentional exposure of sensitive data. These are not edge cases. Rather, they are structural risks tied to how AI systems learn, act, and evolve over time.
The takeaway: Advanced AI rewards experience, discipline and sound governance. Organizations that move fast without governance accumulate risk. Over time, that risk will compound. Those that pair AI adoption with checks, governance, and deep oversight are far better positioned to capture value without amplifying exposure.
While risk priorities vary across industries and regions, AI consistently emerges as the factor accelerating exposure. Financial services, healthcare, and insurance face heightened risk due to sensitive data and regulatory scrutiny. Automotive, telecoms, and technology organizations face elevated operational and safety risks driven by software-defined products and global supply chains.
Across regions, executives describe different pressure points—but a shared concern that AI is amplifying both opportunity and vulnerability.
In North America, executives focus more heavily on AI-enabled cybercrime, cloud misconfigurations, and insider risk as digital complexity grows. In Europe, regulatory change and data governance loom larger, with AI risk closely tied to compliance and cross-border accountability. Across the Asia Pacific region, rapid innovation and geopolitical volatility heighten concern about how quickly AI-driven risks can emerge and cascade.
