Risk & Resilience

In an era where risk is increasingly interconnected, multifaceted, and shifting in real time, organizations can no longer rely on static frameworks to manage governance, risk, and compliance (GRC). Traditional tools such as policies, controls, and spreadsheets, while valuable, no longer offer the adaptability required to navigate the complexities of today’s business landscape. Risk no longer exists in isolated silos; it cascades through supply chains, reverberates across organizational structures, and evolves in response to forces like regulatory change, geopolitical events, environmental disruptions, and rapid technological advancements. To thrive in this turbulent environment, organizations need GRC tools that are as dynamic and fluid as the risks they aim to mitigate.

If 2024 taught us anything, it’s that stability is fragile, and in 2025, it’s still up for negotiation. In its latest Stability in the Financial System report, Sweden’s financial watchdog, Finansinspektionen (FI), doesn’t mince words. The risks on the horizon, from geopolitical tensions to economic headwinds, are piling up. In fact, FI says the likelihood of negative shocks is higher now than it was just a few months ago.

Risk-!n 2025 in Zurich was far from just another GRC conference. It was a gathering that transcended the usual discussions around compliance and risk management. As media sponsors, we had the privilege of witnessing an event that felt like a catalyst for change—a space where over 300 professionals came together, sparked conversations, and explored how governance, risk, and compliance can be more than just a regulatory checkbox.

GRC Report has been granted an exclusive first look at OCEG’s comprehensive 2025 GRC Maturity Survey, and one key finding stands out with striking clarity: having a well-defined GRC strategy is the single most powerful differentiator in organizational GRC maturity.

As Gen Z increasingly enters the workforce and takes the reins in shaping corporate cultures, environmental sustainability and technology, particularly artificial intelligence (AI), are rising to the forefront of workplace expectations. A new survey from Deloitte reveals that these concerns are not only driving career choices but also redefining what it means to be a responsible corporate entity in today’s rapidly evolving risk landscape.

In today's risk landscape, regulatory-driven practices often fail to deliver meaningful value. Graeme Keith examines the challenges and opportunities presented by the dichotomy between Risk Management 1 (RM1) and Risk Management 2 (RM2). By exploring the unintended consequences of regulatory pressure on risk management systems, Keith presents a case for evolving traditional risk practices into a more strategic, decision-supportive approach.

In his most recent article, Norman Marks investigates whether cyber truly stands as the top risk for organizations today. While surveys consistently highlight cyber as one of, if not the leading risk, Norman dives deeper into the data and offers a unique perspective on whether this truly reflects the reality organizations face.