Operational risks for businesses are escalating as networks become increasingly complex, according to a new survey of C-suite executives. The findings, released on , highlight growing concerns around cybersecurity and the vulnerabilities introduced by third-party dependencies.
The survey, conducted by Moody’s, reveals a heightened awareness among top-level executives regarding the potential for disruption. Keith Berry, head of corporate and government solutions at Moody’s, explained that the increasing interconnectedness of systems is creating new avenues for attack and expanding the potential impact of security breaches. While the full details of the Moody’s survey are behind a registration wall, the initial findings underscore a trend already visible across multiple sectors.
This concern isn’t isolated. A separate survey released on , by Protiviti and North Carolina State University’s ERM Initiative, found that 69% of the 1,540 board members and C-suite leaders polled see significant opportunities for revenue growth in the next two to three years
, but also identified cybersecurity
as the leading investment area for 43%
of respondents. The Protiviti/NC State survey specifically flagged cyber threats
as a top near-term global risk, followed closely by third-party risk
, emerging tech adoption
, and the need for workforce upskilling
.
The emphasis on third-party risk is particularly noteworthy. Businesses increasingly rely on external vendors for critical functions – from cloud services and software to supply chain management and data processing. This reliance, while offering efficiency and cost savings, introduces a significant attack surface. A breach at a third-party provider can have cascading effects, impacting numerous organizations simultaneously. The recent focus on supply chain security, particularly in sectors like pharmaceuticals and life sciences, demonstrates this growing awareness. As noted in a recent report, C-level leaders in these industries are grappling with converging third-party risks and changing regulations
.
The Protiviti survey also highlighted concerns around the integration of artificial intelligence (AI). While 31%
of executives see integrating artificial intelligence with their existing technology processes and workforce
as a top priority, it also ranks among the near-term global risks. This suggests a cautious approach to AI adoption, recognizing the potential for unintended consequences and security vulnerabilities. The Harvard Law School Forum on Corporate Governance has also begun tracking AI risk disclosures in S&P 500 companies, focusing on reputation, cybersecurity, and regulatory compliance.
Beyond traditional cybersecurity threats, businesses are also facing a surge in cyber-enabled fraud. A report released on , by the World Economic Forum identifies this as one of the most pervasive global threats. The report points to how interconnected systems and third-party dependencies
can be exploited to create systemic vulnerabilities
. This isn’t simply about data breaches; it’s about the manipulation of financial systems, supply chains, and critical infrastructure.
The convergence of these risks – increasing network complexity, reliance on third parties, the rapid adoption of AI, and the rise of cyber-enabled fraud – is forcing C-suite executives, including Chief Technology Officers and Chief Risk Officers, to reassess their security strategies. Investment priorities are shifting towards proactive measures, including enhanced threat detection, robust incident response plans, and more rigorous third-party risk management programs.
The Protiviti survey indicates that businesses are responding with investment. Beyond cybersecurity, top priorities include business process improvement
, infrastructure modernization
, data privacy
, and customer experience
. This suggests a holistic approach to risk management, recognizing that security is not simply a technical issue but a business imperative.
However, simply throwing money at the problem isn’t enough. Effective risk management requires executive alignment, a clear understanding of the threat landscape, and a willingness to adapt to evolving challenges. As Joe Kornik, senior director of editorial programs at Protiviti, noted, Opportunities and risk are interdependent forces that are working together, and I think business leaders who recognize that will be a little bit more strategically ready to face 2026 and beyond
.
The increasing sophistication of cyberattacks and the growing complexity of business operations mean that organizations must prioritize resilience. This includes not only preventing breaches but also minimizing the impact of successful attacks and ensuring business continuity. The focus is shifting from simply avoiding risk to managing it effectively and building a more secure and resilient future.
