Interconnected Risks Redefine Cyber and Geopolitical Threats for 2026

Willis Towers Watson (WTW) explores how familiar threats are resurfacing under new conditions in its article "Challenging what we think we know: It's the re-emerging risks in '26," written by Jen Daffron, emerging risks research lead at WTW. In the article, WTW examines how organizations' expectations about future risks shape decision-making, investments, and resilience strategies, even when those expectations ultimately prove incomplete.

According to the article, emerging risks are often misunderstood as entirely new threats. Per WTW, truly new risks are rare. Instead, the article cites the International Risk Governance Council's definition of emerging risks as either new risks or familiar risks appearing in new or unfamiliar contexts. The author said this distinction is critical because re-emerging risks—known risks under new conditions—are where organizations must focus their attention heading into 2026.

Per the article, results from WTW's 2024 Emerging and Interconnected Risks Survey asked respondents to look ahead to 2026. The top three drivers of emerging risk identified were cyber risk, strategic performance risk, and geopolitical risk. According to WTW, none of these risks is new to organizations, but each is re-emerging under changing conditions that demand renewed scrutiny and fresh thinking.

The article also highlights a fourth, often overlooked dimension: risk interconnectivity. According to the author, the challenge is not only identifying which risks matter most, but understanding how they interact, collide, and cascade. WTW said this interconnected nature of risk will be one of the defining challenges for organizations in 2026.

Per WTW, cyber risk illustrates how a familiar threat continues to evolve. The article notes that cyber risk first appeared in the World Economic Forum's Global Risk Report in 2012, but according to the author, the risk has changed significantly since then. Survey respondents cited experience as a key reason cyber ranked highest, with WTW noting that experience has shown organizations how rapidly the risk continues to shift. According to the article, cyber risk now spans areas including artificial intelligence, cyber attacks, geopolitical influences, operational disruption, and resourcing challenges.

Strategic performance risk also ranked highly in the survey, according to WTW. Per the article, respondents identified an expanding list of external factors—such as public perception, shareholders, suppliers, clients, and legislation—that influence strategic outcomes. The author said leaders increasingly recognize that actual or perceived failure in any of these areas can undermine confidence, trigger losses, and weaken organizational performance.

Geopolitical risk was identified as another major re-emerging risk. According to WTW, globalized supply chains and financial systems allow for efficiency during periods of cooperation but also introduce systemic vulnerabilities during times of political unrest or economic instability. The article states that geopolitical tensions have become an everyday risk for many organizations, leading to higher costs, delays, and the need for greater supply chain diversification.

Finally, according to the author, the most significant challenge may lie in how these risks connect. WTW said cyber, strategic performance, and geopolitical risks were not only ranked among the top emerging risks but were also among the most highly interconnected risks identified in the survey. Per the article, difficulties in modelling cascading and interconnected risks often leave organizations with an incomplete view of their overall risk exposure.

WTW said that revisiting known risks through a lens of interconnectivity can enrich risk narratives, surface overlooked dependencies, and challenge assumptions embedded in existing risk rankings. According to the author, understanding these connections is essential for building a more accurate and resilient risk framework.

In closing, WTW said that 2026 will not be defined by chasing new threats, but by challenging assumptions about familiar ones. According to the article, cyber, strategic performance, and geopolitical risks are not static—they continue to shift under pressure, and their interconnections amplify their impact. The author said the key question for organizations is whether their risk processes can evolve quickly enough to keep pace.