Core Insights - Incidents involving threats to individuals or client assets increased by over a third in 2025, accounting for 37% of all incidents reported to Alert:24 [1] - Political repatriation was the second most common peril, making up 19% of all incidents in 2025 [1] Industry Overview - The global risk environment in 2025 was reshaped by geopolitical volatility, economic pressure, shifting alliances, and youth-led activism, creating sustained uncertainty for international organizations [2] - Businesses faced a complex risk environment requiring them to safeguard people and assets, maintain operations, and strengthen long-term resilience [2] Incident Trends - The overall volume of incidents remained consistent with previous years, but the nature of risks evolved, with rising threat alerts in regions of geopolitical risk driving increased demand for intelligence and support [3] - Political instability is expected to reshape global trade, leading to ongoing uncertainty where single events can trigger widespread commercial disruption [4] Client Support and Insights - Jo Holliday, global head of crisis management, noted that 2025 was a challenging year for clients, with the Crisis Management and Alert:24 teams assisting in navigating a complex threat landscape [5] - The report aims to provide leaders with clear, data-driven insights to interpret dynamics and make informed decisions [5] Threat Frequency and Regional Distribution - There was a 10% rise in the total number of clients assisted in the first 11 months of 2025 compared to the same period in 2024, with incident notification frequency remaining consistent [7] - Sub-Saharan Africa recorded the highest number of client notifications for the third consecutive year, accounting for over a quarter of incidents, with nearly half originating in the DRC [7]

Core Insights - 84% of European high-risk profile organizations feel inadequately prepared to detect and manage insider incidents, highlighting a significant vulnerability in organizational security [1] Group 1: Insider Risk Context - Insider risk has evolved from being incidental to a fundamental risk, particularly in a geopolitical landscape where conflicts are increasingly economic, technological, and social in nature [2] - State actors, criminal networks, and activist movements are focusing on exploiting the human factor for destabilization, making insiders with access to sensitive information more attractive targets [2][3] Group 2: Geopolitical Developments - The rise of hybrid warfare has led to increased targeting of commercial organizations, including critical infrastructure and technology companies, by state actors and organized criminal networks [3] - State actors are utilizing criminal networks as proxies to conduct operations with minimal traceability, putting employees at risk through financial temptations, threats, and blackmail [4] Group 3: Supply Chain Vulnerabilities - Globalization of supply chains has heightened organizational vulnerabilities, as access to critical systems increasingly lies with third parties operating under varying legal and political regimes [5] Group 4: Organizational Resilience - Technical and physical security measures alone are insufficient; organizations must establish explicit risk ownership at the administrative level and foster collaboration among HR, security, risk management, and legal departments [6] - Geopolitical risks now extend within organizational walls, necessitating a proactive approach to prevent employees from becoming unintentional targets [6]