The low-growth economic environment, caused by tariff-driven trade tensions and other conditions, moved into the top rank of emerging risks for the third quarter of 2025, according to Gartner, a business and technology research and consulting company.
The Quarterly Emerging Risk Report series surveys the views and concerns of enterprise risk management leaders, risk management professionals, internal auditors, and senior executives’ views on emerging risks or risks on the horizon.
The third-quarter report, based on a survey of 184 senior risk and audit executives, also revealed mounting concern around artificial intelligence. AI-related information governance-driven risks, moved up in rank, from the fourth most cited spot in the second quarter of 2025 to the second rank in the third quarter, and shadow AI moved from the fifth ranked spot to the third spot, as organizations face challenges in effectively monitoring its use.
“The top five emerging risks in the third quarter highlight a continuum of concern related to two broad themes for enterprises that emerged in the second quarter: A volatile low-growth macroeconomic environment, and AI as the disruptive technology that can increase compliance risks quickly as it is adopted by the mainstream,” said Gamika Takkar, director of research at Gartner’s Risk and Audit Practice.
Navigating Complex Emerging Risk Signals
The universe of risks continues to diversify. As emerging risks grow more complex, 72 percent of ERM leaders say taking timely action is highly important. However, only 15 percent say they are confident in determining what information to spotlight.
“Amid varying emerging risk signals, heads of ERM should prioritize tactics to identify emerging risks that require immediate stakeholder attention for timely response,” said Takkar.
To effectively recognize risks that need immediate attention, risk leaders should take these three steps to fully evaluate the impact and prioritize response:
- Set up impact thresholds using diverse parameters. Assess diverse impact parameters, including regulatory, reputational and ESG dimensions to shortlist high-priority emerging risks.
- Link emerging risks with strategic priorities. Analyze how emerging risks impact strategic priorities to facilitate targeted action steps that prevent must-avoid outcomes (MAOs).
- Use response time with impact and velocity. Factor in organizational response time along with impact and velocity to prioritize emerging risks.
Enterprise risk leaders can also set impact thresholds using a range of parameters to consider. These include issues like regulatory impact, which may cause issues that lead to regulatory shutdowns or licensing issues and legal impact, which could cause precedent-setting legal action. Reputational and customer impact are also important considerations as they could risk irreversible damage and trust, causing customer attrition.
“Enabling ERM leaders to navigate the noise and identify risks that require timely action is top of mind for any enterprise,” said Takkar. “To make sense of conflicting signals, leaders must be cognizant of risk prioritization tactics and ensure timely stakeholder to avoid strategic derailment.” 