Digital disruption and climate change have emerged as the two fasting-growing risk areas for organizations across industries, according to a new report.
Based on feedback from more than 3,500 internal audit leaders around the world, global risk levels for digital disruption and climate change are projected to increase 20 percent and 16 percent, respectively, over the next three years, outpacing other risk areas. The research was conducted by the Institute of Internal Auditor’s Internal Audit Foundation for its latest Risk in Focus report.
Despite the growing intensity of these risks, most audit plans do not currently prioritize them, the study found. In fact, neither digital disruption nor climate change were named among the top five areas where internal audit functions allocate the most time and effort, with both ranked in the lower half of audit priorities. Globally, internal audit functions focus predominantly on cybersecurity, governance and corporate reporting, and business continuity, indicating a gap between evolving threats and current areas of attention.
“Our latest research tells us cybersecurity, business continuity, and human capital continue to hold the top three spots in risk ratings. However, respondents anticipate significant changes as risks related to climate change and digital disruption accelerate in the coming years,” said Anthony Pugliese, president and CEO of the IIA. “To ensure both short-term success and long-term sustainability, organizations and their internal audit functions must adapt risk management practices to keep pace with the changing risk landscape.”
Risk in Focus offers a comprehensive view of the current global risk landscape and how it is expected to evolve in the coming years. Because threats are expected to rise steeply for technological advancements and climate change, the 2025 reports focus on leading practices for mitigation of these risks.
Keeping Pace with Digital Disruption
Approximately 39 percent of survey respondents worldwide ranked digital disruption as a top five risk, with that number expected to jump to 59 percent in three years. For North America, these figures are even higher at 48 percent and 70 percent, respectively. Furthermore, respondents worldwide expect digital disruption to rise from the fourth to the second highest ranked risk area in three years.
Artificial intelligence (AI) has introduced new risks to track, especially related to cybersecurity, according to 75 percent of respondents. AI has also impacted many other risk areas, including human capital, fraud, communications, reputation, and more.
AI is a particular focus for internal audit leaders concerning technology-related risks. Specifically, challenges include upskilling and adopting new tools, as well as global disparities in access to and knowledge of emerging technology.
Climate Regulations Driving New Risks
Climate-related risks are currently ranked relatively low, but they are expected to rise substantially soon. About one in four (23 percent) of global respondents view climate change as a top five risk today. However, nearly 40 percent of respondents anticipate it will reach the top five in the next three years, climbing from 13th place to 5th.
Globally, roundtable participants agree that sustainability reporting and compliance requirements are the primary drivers for boards, management, and internal audit functions to allocate resources to climate change. The report revealed significant regional differences in climate-related risk perceptions. For instance, 33 percent of European audit leaders and 30 percent of Canadian audit leaders rate climate change as a top five risk, compared to 9 percent for U.S. audit leaders. Despite the U.S. position, North American respondents expect ratings for climate change as a top 5 risk will double from 13 percent to 27 percent in three years.
“While climate change has long been recognized as a growing risk for organizations, these findings reveal the extent to which climate-related risks are expected to surge in the near term,” said Pugliese. “It is imperative for organizations, stakeholders, and internal audit leaders to objectively assess the short-term and longer-term risks to their organizations beyond basic compliance with regulations.”
Extreme weather can cause supply chain disruptions, higher operational costs, flooding, famine, and more. Some consumers and investors are calling on organizations to implement more sustainability initiatives. These sustainability initiatives, however, must be reported accurately to avoid greenwashing and reputational damage.
Regional Risk Differences
The study also explored regional differences in the risk landscape through roundtables and separate Risk in Focus reports for Africa, Asia Pacific, Europe, Latin America, the Middle East, and North America. These regional reports outline proactive steps that organizations and audit leaders across industries can take today to mitigate threats and embrace opportunities.
Embracing artificial intelligence and emerging technologies will be critical, as well as prioritizing upskilling, technology-oriented training, and recruitment to manage these risks effectively.
“The IIA has strongly advocated for internal audit functions to take a more strategic advisory role to better serve organizations and stakeholders,” said Pugliese. “The Risk in Focus findings underscore the importance of agile collaboration and partnership among internal audit functions, boards, and management to stay ahead of emerging threats and improve understanding of potential risk exposures.”