Cyber risk has surged to the top of the business agenda, with 40% of business leaders saying cyber is the top risk they are unprepared for – up from 23% in 2025, according to a new report from BDO.
BDO’s Global Risk Landscape 2026 report found that cyber risk had jumped as organisations struggle to keep pace with the scale and speed of digital and AI‑driven change.
Richard Walker, national head of risk advisory services at BDO South Africa, says South African organisations are already dealing with a highly volatile and interconnected risk environment, so the findings of the BDO Global Risk Landscape Report really hits home. From geopolitical pressure to cyber and regulatory complexity, the message is clear – businesses need to move faster, break down risk silos, and treat risk as a shared responsibility if they want to stay resilient and competitive.
Walker says the growing risk of cybersecurity threats in South Africa and globally calls for decisive action and taking calculated risks even when the path ahead may be unclear. The pace of change means businesses can no longer just sit on the sidelines and wait for conditions to improve: they must be ready to act decisively and take calculated risks even when the path ahead may be unclear.
“The problem is that many organisations are still functioning with a risk management approach that is too narrow and theoretical to effectively act,” he says.
The BDO research, based on a survey of 500 global C‑suite executives in South Africa and globally, found that while cyber spending continues to increase, traditional approaches are failing to keep up with increasingly sophisticated threats — particularly as cyber teams are often brought into transformation programmes too late.
The report also found that:
- Crisis is the new normal: 80% say the global risk landscape is more defined by crisis than ever before, and 68% say the speed at which crises are impacting their organisations is increasing (up from 54% a year ago).
- Risk management is becoming less proactive: only 9% describe their risk management as “very proactive”, down from 19% in 2025.
- AI optimism is increasing, but governance gaps remain – 66% view AI as an opportunity (up from 57% in 2025), while concerns persist around data privacy, compliance and integration.
- Geopolitics is acting as a “risk multiplier” – increasing exposure across supply chains, cyber and regulation; business leaders rank geopolitical risk as a top-three risk that they feel unprepared for this year (25%).
- Fraud is falling down the agenda despite AI-enabled threats: 93% don’t rank fraud as a top risk, and just 13% are actively monitoring and updating defences against AI-enabled fraud, down from 79% of business leaders who said they had a plan in place to defend against AI-driven fraud last year.
Walker says the strategic cost of slow action, or even inaction, is no longer just missed business opportunities: organisations’ survival is potentially on the line if they are unable to make timely and proactive risk decisions.
Risk aversion, in other words, becomes a risk in itself. To navigate this unstable new world, businesses must move away from traditional risk management silos and instead embrace a future where risk ownership is shared via a holistic approach. This ensures organisations can get a more joined up view of what is happening in the risk landscape and how multiple threats interact with different parts of the business, enabling smarter, more coordinated decision-making.