New Global Risks for Businesses: Strategies to Strengthen Resilience and Business Continuity

Businesses are increasingly exposed to various risks emerging with greater speed and impact. Cyberattacks, extreme weather events, geopolitical instability, and supply chain disruptions test operational continuity and the sustainability of business models.

These increasingly interdependent risks call for a new corporate culture that’s aware, structured, and proactive. In particular, Italian companies are integrating concrete tools into their strategy for the prevention, mitigation, and management of critical issues. This boosts their resilience and strengthens their future competitiveness.

WHAT ARE THE MAIN GLOBAL RISKS FOR BUSINESSES?
 

Businesses are facing an increasingly complex and interconnected risk landscape. Among the most significant threats are cyberattacks, operational disruptions, and natural disasters. These all reflect trends within global economic and production systems.

According to the World Economic Forum’s Global Risks Report 2025, cyber risk ranks among the top five perceived global risks. Cybercrime activities like data theft, ransomware, and disinformation campaigns are constantly evolving and affect all sectors indiscriminately. The growing sophistication of attacks, alongside the spread of AI-generated content, makes it increasingly difficult to distinguish between authentic and manipulated information. This has potentially devastating impacts on reputation, operational continuity, and data security.

Business interruption is another critical risk. Companies are especially concerned about operational halts caused by cyberattacks or extreme natural events. Even short disruptions can compromise contracts, revenue, and commercial relationships. Increasing geopolitical instability and the fragmentation of global supply chains further heighten corporate vulnerability.

Lastly, climate change continues to emerge as the greatest long-term concern, but also as an immediate reality. Floods, wildfires, heat waves, and storms are rapidly increasing in frequency and intensity. In Italy, the frequency and severity of floods, landslides, droughts, and heatwaves make climate risk something to factor into every strategic assessment. Over the past decade alone, damage from natural disasters in Italy has exceeded €3 billion per year.

THE IMPACT OF CYBERATTACKS ON COMPANIES: WHAT THEY ARE AND HOW TO PROTECT AGAINST THEM
 

Cybersecurity is now a central concern for all organisations, regardless of size or sector. The growing digitalisation of processes, extensive data use, and integration with external platforms and systems significantly widen the exposure area for attacks.

However, according to the Cyber Index PMI 2024, only 15% of Italian SMEs have reached a sufficient level of maturity to manage risk in a structured way. A further 56% are either unaware or completely unprepared, and 44% of companies acknowledge the risk but fail to intervene effectively.

In 2024 alone, 977 cyber events were recorded in Italy, 405 of which had a confirmed impact. The use of generative AI by cybercriminals has made these attacks more targeted and effective, increasing their potential to damage companies, supply chains, and entire production ecosystems.

The most common types of attacks include:

• Ransomware: Locking company data in exchange for ransom
• Supply chain attacks: Indirect attacks exploiting less-protected suppliers;
• Social engineering: Scams based on psychological manipulation;
• Deepfakes and AI-powered phishing: Manipulated content used to obtain access and data.

The damage is tangible and measurable. According to Clusit, the Italian Association for Information Security, cyberattacks on Italian businesses have increased by 300% over the past five years, with average damages exceeding €300,000 per incident. Moreover, the gap between cybercriminals’ offensive capabilities and companies’ defensive preparedness continues to widen.

Fortunately, Italian SMEs—though still catching up—are showing encouraging signs. In 2024, 31% of companies activated cyber insurance coverage, nearly double the previous year.

RISKS THAT COMPANIES MAY UNDERESTIMATE
 

Alongside well-known risks, there are more subtle yet equally dangerous vulnerabilities that companies often overlook. One critical area is the lack of a business continuity plan in the event of extreme events.

Many SMEs still lack a structured risk management system:

• Most do not conduct simulations or periodic testing for disruption scenarios.
• Only a minority systematically assess risks across their supply chain. 
• 94% of businesses operate in municipalities at risk of landslides, floods, or coastal erosion, yet fewer than 30% have insurance coverage for floods or earthquakes.

Insurance coverage for environmental damage, in particular, remains extremely limited. Only 0.64% of Italian businesses are currently protected, despite natural disasters in Italy causing around €34 billion in damage over the past decade. According to estimates by Centro Studi Confindustria, between 30% and 40% of SMEs could face losses of 5% to 10% of turnover by 2040 due to unforeseen events or increasing economic and environmental instability.

Even in the field of cybersecurity, while progress is encouraging, the gap remains wide. In 2024, 31% of SMEs activated a cyber policy, compared to 17% in 2023. This indicates greater awareness, but it is still insufficient given the scale of the threat. The consequences of a cyberattack can directly impact production capacity and significantly affect company performance indicators and market stability.

Inadequate preparedness can also lead to exclusion from international supply chains requiring high security standards. Climate and cyber risks are often perceived as isolated or unlikely events. But the data proves otherwise; for example, an increasing number of Italian businesses have already experienced economic, reputational, or operational damage due to extreme weather events, tech blackouts, and compliance issues within the supply chain.

Internal unawareness is also a risk. According to the IBM Cybersecurity Intelligence Index, over 80% of cyber incidents originate from improper or unaware user behaviour. This underscores the importance of continuous staff training.

WHAT ACTIONS SHOULD BUSINESSES TAKE?
 

To effectively tackle new global risks, businesses must combine prevention, protection, and reaction. 

The key actions include:

• Diversifying the supply chain
  Reducing dependence on single suppliers or critical geographic areas increases flexibility. Investing in multiple or alternative supply chains, including digital tools, boosts the ability to respond to unexpected disruptions.
• Enhancing insurance coverage
  Taking out insurance against natural events or cyberattacks is essential. New Italian legislation (MEF Decree No. 18/2025) has made insurance against natural disasters compulsory, but the market is still adapting.
• Investing in cybersecurity
  Companies must move from a reactive to a proactive approach. This includes adopting advanced technologies and integrating cybersecurity into governance and corporate compliance frameworks.
• Developing emergency plans
  Creating business continuity plans that account for climate, technological, and geopolitical scenarios enables timely responses and minimizes downtime.
• Adopting sustainable business models
  Sustainability is not only environmental, but also organisational. Low-emission models, digital processes, and traceable supply chains improve resilience and strengthen corporate reputation.

BUILDING RESILIENCE TO FACE THE FUTURE

Italian businesses today must build an operational model capable of withstanding shocks and evolving in an unstable context. Resilience—understood as the ability to adapt and maintain continuity—is a key lever for protecting corporate value.

In this regard, solutions are needed to support companies on this journey, helping to evolve organisational models toward greater solidity through digital tools, insurance protections, and dedicated consultancy.

Building a resilience strategy does not merely mean defending oneself. It means positioning the business more strongly in the market, conveying reliability to partners, and gaining a competitive advantage in a global context that rewards those ready to face change with vision and method.

All published or otherwise available material on the website — including trademarks, logos, domain names, images, videos, press releases, articles, and documents in general reproduced herein, as well as application software, codes, and format scripts used for the site's implementation — is the property of Intesa Sanpaolo, companies within the Intesa Sanpaolo Group, or companies with which Intesa Sanpaolo has entered into commercial agreements and is protected under copyright and trademark regulations. All rights are reserved. Therefore, without prior formal consent from the owner, such material may not be copied, downloaded, reproduced, used on other websites, modified, transferred, distributed, or communicated to third parties, except for personal use only, with any commercial use being strictly prohibited.