Bridging the Gap Between Awareness and Action to Build Risk Resilience

Joey Gyengo, Prasanna Govindankutty

September 25, 2025

Organizations are facing economic, technological and geopolitical disruptions at an unprecedented level, demanding more proactive strategies to manage risk. It is critical that organizations not only build end-to-end risk management and resilience capabilities, but that they also develop practical strategies for putting risk and resilience plans into action.

The 2025 KPMG Risk and Resiliency Survey, which surveyed more than 200 C-suite leaders of large organizations, revealed a troubling disparity between organizations' awareness of the urgent need to improve resilience and their execution of the fast, agile and continuous risk management measures necessary to manage the threats and disruptions they are currently dealing with.

The Current State of Risk and Resilience Management

As resilience is paramount to survival and success, bridging this gap should be a priority for executives in all industries. A good starting point is to assess what is working and what is not across risk and resilience strategies, structures, tools and capabilities.

In the KPMG survey, leaders acknowledged the importance of risk and resilience management, but many businesses lacked structured systems needed to address sudden, broad disruptions. Almost half of leaders (48%) said their organizations had a centralized structure managing risk and resilience, but only 17% had resilience plans that extend beyond critical processes.

In addition, the survey found:

  • 26% of organizations had strong collaboration and a holistic, cross-functional view of risks
  • 15% were heavily reliant on advanced analytics to identify, monitor and manage risks
  • 41% expressed high confidence in their leadership’s ability to effectively manage risk

These results suggest that many organizations lack the agility to cope with a dynamic risk landscape. Reactive risk management—focused on tracking specific risks, but without visibility to manage widespread risk impacts or ensure broad risk coverage—is ineffective at anticipating and responding to crises. 

How to Build a Resilient Enterprise

Businesses need resilience strategies and capabilities that are tightly connected, gap-free, and able to adapt rapidly to change and keep pace with evolving threats. While every organization is unique, business leaders can take key steps to strengthen their organizations’ resilience:

Start at the top with leadership buy-in. Successful risk and resilience management begins with full cooperation from top leadership, starting with building a strong understanding of the link between risk and resilience. Organizations with a consistent and uniform view of risk perform better in tracking emerging risks, experience fewer barriers, maintain more advanced capabilities and gain stronger confidence in the C-suite’s understanding of business risks.

Centralize, integrate and collaborate. To ensure cohesive and well-informed decision-making, organizations need to avoid encapsulated processes and point solutions scattered across multiple business functions that do not talk to each other or that make it difficult to collaborate. A centralized and integrated approach can help organizations promote collaboration when identifying and managing risks.

Embed resilience into business strategy. Align and build risk management and supporting capabilities with the business strategy to achieve greater resilience. The survey indicated that leaders are starting to have the right conversations and ask the right questions, such as: What is most critical? What drives revenue? What would impact our reputation? What would shut us down? When resilience is embedded into the business strategy, it strengthens the organization’s ability to quickly adapt in the face of adversity.

Utilize technology and tool sets for better outcomes. Specialized technologies such as governance, risk and compliance (GRC) platforms, artificial intelligence and advanced analytics can increase resilience and support a more robust approach to risk management. While two-thirds of organizations in the survey had mostly automated their processes, only 11% had achieved full automation.

Avoid a one-and-done approach. Organizations can foster a culture of resilience and continuous improvement that rewards accountability for risk-taking, clarity through specific policies and guidelines, and cross-stakeholder engagement in matters that impact the company’s well-being.

Adopt ERM processes. Enterprise risk management (ERM) can make a critical difference in integrating risk management functions and enhancing an organization's resilience. By promoting collaboration among different functions, ERM ensures that risk and resilience strategies are robust, aligned and continuously improved.

Leverage external data sources for greater understanding. Integrate external data sources like market trends, industry benchmarks, government agencies, academia, consultancies and third-party data providers into your risk analysis procedures. This can help ensure that your risk perspectives are comprehensive and well-grounded.

Proper risk and resilience management is more critical than ever, yet many organizations struggle to translate recognition into action. Indeed, according to the survey, 72% of organizations face moderate or strong barriers to effectively managing risk. Bridging the gap requires a proactive, integrated approach that emphasizes leadership accountability, centralized frameworks and strategic collaboration. As threats continue to evolve, resilience must remain a continuous priority.

Joey Gyengo is the U.S. enterprise risk management leader and principal at KPMG LLP.


Prasanna Govindankutty is the U.S. cyberrisk and GRC leader and principal at KPMG LLC.