Survey shows most firms manage risk at basic level as 2026 pressures build
North American employers face rising costs, tougher regulations and mounting cyber threats, but most still manage risk with only basic tools.
According to the HUB International 2026 North American Report, one-third of companies operate without a mature, organization-wide risk management strategy, despite escalating financial and operational pressures.
The report draws on proprietary research across 10 industries and introduces a Risk Management Maturity Model to help organizations assess their current state and identify next steps for strengthening risk practices.
The report said leaders see a widening gap between knowing their exposures and acting on them.
Many organizations recognise today’s environment as complex and fast-changing, but they are not updating risk strategies at the same pace.
Marc Cohen, chairman and chief executive officer of HUB, describes the disconnect bluntly, “Most organizations know about the cracks in their foundation, but awareness alone doesn’t translate into readiness,” he said.
He added that in the current environment, leaders should track how prepared their organisations are for uncertainty and focus on improving how they identify and manage exposures as part of overall business planning.
According to the survey, rising operating and labour costs remain the top pressure on profits for both US and Canadian organizations.
HUB reports that 92 percent of respondents expect these costs to affect profitability, yet only 22 percent say they feel completely confident managing them.
Geopolitical risk has also moved up the agenda.
As per the report, more than one-third (34 percent) of leaders now see geopolitical instability as a threat to profits, up from 19 percent in the previous year, and only 15 percent feel completely confident in managing this exposure.
Regulatory and legal risk has become another fast-growing concern.
HUB notes that the share of respondents who view regulatory and legal challenges as a key threat rose from 29 percent to 50 percent year-over-year, as organizations respond to evolving rules in data privacy, AI, cyber, environmental issues and corporate governance.
Technology, cybersecurity and AI-related risks now sit among the most prominent worries.
According to HUB, 60 percent of leaders rank these issues among the top three threats to organizational profitability, while confidence in managing them remains low.
At the same time, leadership often concentrates accountability in a narrow group.
The survey shows that only 15 percent of respondents agree that risk management is a shared responsibility across employees, even as cyber, technology and reputational exposures grow.
HUB’s Risk Management Maturity Model frames risk management as a capability that must operate alongside overall business strategy.
However, survey responses suggest that many organizations remain stuck at an early stage:
-
As per the survey, half of respondents say their organizations operate at only a basic level of risk maturity, focusing mainly on compliance, safety and regulatory requirements.
-
Only 5 percent of organizations report characteristics that align with advanced risk maturity.
