As businesses enter 2026 facing accelerating AI adoption, geopolitical instability, and increasing supply chain disruption, cyber risk has emerged as the top global risk for 2026, according to Allianz Commercial’s 15th annual 2026 Risk Barometer survey report. It is the fifth year in a row that cyber has ranked number one across all company sizes, with 42% of respondents indicating it was their greatest concern.
This year’s report, states Allianz, recorded 3,338 responses from 97 countries and territories and 23 industry sectors, including risk consultants, underwriters, senior managers, claims experts, and other risk management professionals in small, medium, and large companies. Cyber took the lead by a 10% margin—higher than ever before—and was followed by artificial intelligence (AI, 32%); business interruption (29%); changes in legislation and regulation (26%); natural catastrophes (21%); climate change (19%); political risks and violence (15%); macroeconomic developments (14%); fire, explosion (13%); and market developments (13%).
Cyber Incidents Rank First
Cyber incidents include cyber-crime, IT network and service disruptions, malware/ransomware, data breaches, fines, and penalties. “Businesses are conscious of the need to invest in protection against cyber incidents, including increasing AI-driven threats,” states the report. “Around 90% of respondents say they anticipate making a ‘moderate’ (47%) or ‘high’ (43%) investment in cyber loss prevention, with just 9% intending to make a low investment.”
The report cites the FBI, noting that cybercrime losses in the U.S. “soared to a record $16.6 billion in 2024, a 33% increase annually,” with ransomware having evolved “into a sophisticated ecosystem in which specialist groups known as initial access brokers gain unauthorized access to an organization’s systems, which they sell on to affiliates that carry out the attack and demand ransom payments.” Allianz Commercial cyber claims analysts have found that ransomware accounts for 60% of the value of large cyber claims that occurred during the first half of 2025, “while 40% of the value of large cyber claims seen during this period included data theft, up from 25% in all of 2024.”
There is also a growing concern for cyber’s influence on business interruption and supply chains, as several attacks have caused significant disruption to both, leading to wider economic disruptions over the past year. “Companies, even when not directly affected by the cyber incident, may not be able to process orders, make payments or manufacture goods. It can take months for an organization to recover and rebuild its systems following a ransomware attack—a task that is made even more difficult when it involves a complex just-in-time supply chain with thousands of suppliers.”
Outages of critical digital services and infrastructure due to technical and/or human error are increasing in frequency and severity and also causing significant disruption to the supply chain. Meanwhile, “non-attack incidents, such as wrongful collection and processing of data, as well as technical failure, accounted for a record 28% of large claims by value during 2024, according to Allianz Commercial claims analysis.”
Another significant concern is overreliance on third-party suppliers, such as cloud services. Allianz states that over three quarters of companies use cloud services in most or all areas of their operations, yet just three companies control more than 60% of the global cloud infrastructure. Furthermore, AI is enabling attackers to automate the attack process, making executing attacks easier for those who do not possess technical skills.
AI
AI climbed to its highest-ever position at number two, up from number 10 the previous year. “As AI adoption accelerates and becomes more deeply embedded in core business operations, respondents expect related risks to intensify” in 2026, with the greatest challenges being identified as implementation, liability exposures, and misinformation and disinformation, according to the report.
Challenges organizations face when integrating AI include greater exposure to system-reliability issues, data-quality constraints, integration hurdles, shortages of AI talent, and remaining stuck in pilot mode. Furthermore, “new liability exposures are emerging around automated decision-making, intellectual property misuse, and uncertainty over who is responsible when AI-generated outputs cause harm,” according to the report. Nearly half (47%) of respondents indicated moderate investment would be needed to manage the risks that come with AI adoption, while 43% indicated the investment needed would be “high.”
There were three primary categories of AI risk identified in the survey: operational risk, including business interruption, failed or misaligned systems, and errors cascading through automated workflows; legal and compliance risks, including breaches of emerging regulations, liability for harmful AI outcomes, and sanctions under evolving government frameworks; and reputational risks, including brand damage tied to misinformation, unethical AI use, data breaches, or biased decisions affecting customers or employees.
Organizations are focusing on three core actions to address these risks: “upgrading AI governance frameworks, including model-risk management, monitoring, and human-in-the-loop oversight; investing in employee training and responsible-AI practices, from bias detection to data-quality assurance; and developing contingency and incident-response plans for AI-related failures or misuse, such as misinformation incidents, model malfunctions, or rapid rollback needs.”
Organizations also expressed concern over other emerging technologies. Nearly one fifth of survey respondents (19%) indicated fear over quantum computing technology and its potential ability to render current encryption obsolete when asked about “the most plausible ‘black swan’ or ‘perfect storm’ scenarios that could occur in the next five years.”
Business Interruption
Business interruption ranked third on the Risk Barometer, largely due to tariff wars, trade policies, regional conflicts, and uncertainty in the global economy. Allianz, citing Verisk Maplecroft, notes that “business assets have seen a 22% jump in exposure to conflict areas, following an almost 90% rise in areas affected by armed fighting over the last five years,” As a result, the closely related risk, “political risks and violence,” climbed two places to number seven, while “changes in legislation and regulation” remained unchanged at number four, but with an increased number of respondents, “driven by concerns about growing protectionism.” Global supply chain disruption triggered by a geopolitical conflict was indicated as the most likely “black swan” event to occur over the next five years, according to survey respondents.
“Global trade and supply chains are being reshaped in a world divided by geopolitics, protectionism, and the effects of climate change,” states the report. “In the past year alone, trade restrictions have tripled to affect an estimated $2.7 trillion of merchandise, according to Allianz Trade—nearly 20% of global imports—fueling trends such as friendshoring and regionalization.”
To address these changes, half of survey respondents indicated that they are exploring new markets and products. Furthermore, “almost half (49%) are renegotiating and diversifying supply chains, while a similar number indicate they are streamlining operations to cut costs, and/or investing in advanced analytics and supply chain management software.”
Companies overwhelmingly lack confidence in their supply chains, with only 3% rating them as “very resilient,” according to the report. Fifty-eight percent believe their companies’ supply chains to be “somewhat resilient,” while 32% believe they are “resilient” to disruptions caused by “geopolitical conflicts, shifting trade patterns, or critical infrastructure failures.”
The report emphasizes that companies will need to implement a holistic, integrated resilience strategy in response to these concerns. This includes expanding the roles and focus of risk managers and ensuring they leverage tools and approaches that support proactive risk mitigation, rather than merely prevention. “The combination of data, AI, advanced analytics and more affordable sensors will increasingly enable companies to identify and predict likely sources of loss and invest in preventative actions, therefore avoiding costly damage and business interruption.”
Changes in Legislation and Regulation
Changes in legislation and regulation, which includes tariffs, new directives, and sustainability requirements, ranked number four in this year’s survey. The report notes that deregulation in both the U.S. and in Brussels, while seemingly positive at first glance, brings the downside of divergence. “While the U.S. appears set to continue its broad deregulatory push aimed at lowering business costs and boosting competitiveness, Europe is likely to pursue selective regulatory simplification while maintaining its long-standing commitments to robust rules and safety. Meanwhile, China is expected to maintain its calibrated approach, seeking to foster innovation while preserving state oversight and strategic control of key sectors.” As a result of this divergence, global risk increases by “[fragmenting] compliance expectations, [reshaping] competitiveness, and [increasing] uncertainty at a time of geopolitical, technological, and financial volatility,” according to Ludovic Subran, chief economist, Allianz.
The report states that digital and AI regulation will be the most strategically consequential risk domain in 2026. The EU is implementing the AI Act alongside the recently published Digital Omnibus Regulation, which aims to “streamline and clarify” the EU’s rules. Meanwhile, the U.S. is pursuing a flexible model, while China is implementing AI rapidly with state-driven controls, resulting in “triangular regulatory fragmentation in AI governance: Europe prioritizes safety and rights, the U.S. favors innovation and flexibility, and China emphasizes state control and data localization.”
Additionally, sustainability regulation is shifting into an era of dilution and asymmetry, according to the report, with the EU “easing parts of its environmental, social, and governance (ESG) agenda by narrowing the obligations of the Corporate Sustainability Reporting Directive (CSRD) and the Corporate Sustainability Due Diligence Directive (CSDDD)…Meanwhile, the U.S. is backing away from several federal climate commitments, and other jurisdictions are pausing or recalibrating their sustainability trajectories.”
Natural Catastrophes
The fifth risk in the ranking is natural catastrophes, including storms, floods, earthquakes, and wildfires, followed closely by climate change. It dropped two places in the Allianz Risk Barometer from number three to number five since last year, while climate change dropped from number five to number six. This is despite the fact that 2025 economic and insured losses were high—although lower than the 10-year average—and still caused significant challenges for businesses.
The year began with the Palisades and Eaton wildfires in California, which caused $65 billion in economic losses and $40 billion in insured losses—damage to the extent of which has not been seen before, according to Allianz.
Of the 13 hurricanes that formed, only three made landfall, and none made landfall in the U.S.; however, Hurricane Melissa served as a “reminder of the devastation a single storm can cause.”
Despite the drop in the Risk Barometer, Allianz emphasizes that natural catastrophes should remain on the radar for businesses, as climate change increases the likelihood of events like the California wildfires, hurricanes, and landslides. The report also points toward the danger of often-overlooked “secondary perils,” such as flooding, severe thunderstorms, and wildfires.
Other Top Risks
Political risks and violence ranked number seven on the Risk Barometer, encompassing war, political instability, terrorism, polarization, coup d’état, civil unrest, strikes, riots, and looting. It climbed two positions to an all-time high, with war perils being a significant fear for 2026, as 53% of respondents closely follow civil unrest threats. The risk of terrorism has also increased and has resulted in “a big allocation of security resources to policing and monitoring key infrastructure.”
Macroeconomic developments, encompassing inflation, deflation, monetary policies, and austerity programs, fell one spot from last year to number eight. “Despite the profound geopolitical shifts—triggered by the introduction of ‘America First’ policies in the form of sweeping tariffs, withdrawals from multilateral frameworks, and the weakening of traditional alliances—the global economy performed better than anticipated,” according to Allianz. Although the global economy is expected to remain consistent with the pace of the past three years, the results of fragmentation and other significant changes and its implications for the economy are expected to become clearer in 2026, according to Allianz.
Fire and explosion ranked number nine as a well-managed risk—however, it is still a significant cause of business and supply chain disruption. In an Allianz Commercial analysis of over 1,000 insurance industry claims over five years, fire was the most frequent driver of claims and accounted for more than 36%. Fire risk has increased with the increased prevalence of lithium-ion batteries and the mishandling of them. Allianz emphasizes fire mitigation strategies, such as prevention planning and fire extinguishing measure implementation.
Lastly, market developments, including intensified competition/new entrants, M&A, market stagnation, and market fluctuation, ranked number 10. According to Allianz, “businesses may be justified in anticipating another resilient year in capital markets marked by robust returns, strong M&A activity and relative rate stability. But there is little room for complacency.”