Fewer than half of U.S. organizations feel prepared to face key enterprise risks in 2026, from AI-powered cyberattacks to a fragmented regulatory landscape, according to a new survey of 500 senior executives by AlixPartners.

Why it matters: The report reveals a significant and widening gap between the escalating threats U.S. businesses face and their readiness to manage them, creating vulnerabilities across cybersecurity, legal compliance, and financial operations.

By the numbers:

  • 65% of respondents cite cybersecurity incidents as one of the most concerning risks for the next 12 months.
  • 80% say the fragmented regulatory landscape for AI puts their compliance efforts at risk.
  • 63% expect corporate disputes, such as commercial litigation, to increase in the next year.
  • Only 48% feel "very prepared" to address financial crime and fraud.
  • Just 35% feel "very prepared" to respond to potential changes in geopolitical sanctions, down from 44% in 2025.
The big picture: The survey paints a portrait of a business environment where risks are converging from multiple fronts. Economic volatility, shifting federal enforcement priorities, a patchwork of state-level regulations, and geopolitical tensions are creating a complex threat landscape that many companies are struggling to navigate.

Zoom in on AI and Cyber: The rapid adoption of artificial intelligence is introducing new layers of risk and compliance challenges.

  • While federal policy has shifted to an "innovation-first" approach, a lack of a national standard has left companies to grapple with varying state and international laws.
  • Concern over AI-powered cyberattacks doubled from 17% in 2025 to 34% this year, yet nearly 75% of companies have not completed system upgrades to address these threats.
  • This comes as the average cost of a data breach in the U.S. hit a record high of over $10 million last year.
Between the lines: The adoption of new technologies like AI and cryptocurrencies is outpacing the implementation of necessary risk controls.

  • While 59% of companies are already using or testing crypto for payments, less than half have established critical controls like escalation procedures or third-party risk assessments.
  • Similarly, 45% of businesses still lack key elements of AI governance, deepening their exposure in an uncertain regulatory environment.
What to watch: The gap between awareness and action on data privacy remains a key vulnerability. While 73% of leaders believe enhancing data encryption is crucial for their industry, only about half are implementing it at their own companies, representing a 23-point shortfall.
See the full 2026 U.S. Risk Survey report here:

SOURCE: AlixPartners

NOT FOR REPRINT

© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.