Companies aren’t underprepared: they’re misprepared

Over the past five years, many organisations have discovered something uncomfortable: the problem was not a lack of risk frameworks, but a false sense of preparedness. Most had the right components in place. Risk frameworks existed. Crisis plans had been written. Insurance coverage was reviewed annually. The language of resilience had made its way into strategy decks. And yet, when disruption came, it did not behave in ways those systems were designed to handle. What failed was not the presence of risk management, but the assumptions behind it.

When efficiency becomes a liability

For decades, global business was shaped by a simple logic: optimise for efficiency. Supply chains were streamlined. Production was concentrated. Dependencies were accepted as rational trade-offs in exchange for lower costs and higher margins. That model worked. Until it didn’t.

Pandemics, sanctions regimes, export controls, and shipping disruptions exposed how tightly coupled many systems had become. What had been framed as efficiency revealed itself as fragility. A supplier is no longer just a supplier. A logistics route is no longer just a route. A jurisdiction is no longer just a market. Each is a potential point of disruption shaped by political, regulatory, or strategic forces outside the company’s control.

The shift is subtle but profound: exposure is now embedded in the structure of operations. For many organisations, this means that risk is no longer an external variable to be monitored, but a structural condition embedded in how they operate.

The return of power politics

At the same time, geopolitics has reasserted itself, not as background noise, but as a central variable.

Tensions around Taiwan, the prolonged consequences of Russia’s war in Ukraine, the conflict in the Gulf, and China’s evolving economic and security posture are no longer distant concerns. They shape trade flows, regulatory environments, and investment decisions in real time. Recent developments illustrate the point. In April 2026, Taiwan reported renewed Chinese military activity around the island in the same period Beijing hosted senior opposition figures for high-level political engagement, a reminder that commercial exposure to Taiwan is shaped not only by its role in global semiconductor supply chains, but by a persistent pattern of coercive pressure operating alongside diplomacy.

At the same time, the war with Iran and the disruption of traffic through the Strait of Hormuz, through which roughly a fifth of global oil flows, demonstrated how quickly a regional conflict can cascade into systemic economic risk. Within weeks, energy markets, shipping costs, and inflation expectations were materially affected, forcing companies far beyond the Middle East to reassess operational assumptions in real time. The second Trump presidency has indeed added another layer of uncertainty. Policy direction on trade, alliances, and enforcement may not only shift between administrations, but within them. For internationally exposed companies, predictability itself becomes a risk variable.

In this environment, geopolitical developments do not sit alongside business strategy. They actively reshape it.

A regulatory landscape without edges

Regulation has followed a similar trajectory. Sanctions, export controls, and financial compliance frameworks are increasingly applied beyond national borders. Companies are expected to navigate overlapping - and sometimes contradictory - legal regimes, often with limited clarity.

This creates a structural challenge: compliance is no longer about understanding the rules of one jurisdiction, but about managing exposure across many. The result is not just higher compliance costs, but greater uncertainty. Decisions that were once operational now carry legal and political weight.

The real gap: from awareness to action

Inside organisations, another pattern has emerged.

Awareness has improved. Information is abundant. Signals are detected earlier and more frequently than before. But action has not kept pace. Risk insights often remain disconnected from decision-making. They sit in reports, dashboards, or specialist functions: informative, but not always decisive. 

This is where many organisations are most exposed: not because they lack visibility, but because they struggle to translate it into timely, grounded decisions. Bridging that gap is less about adding more data, and more about embedding judgement where it matters.

A broader, more entangled risk landscape

At the same time, the boundaries of risk have expanded. Cyber threats are no longer purely technical. Disinformation can shape operational and reputational environments. Artificial intelligence introduces both opportunity and new forms of uncertainty.

These dynamics do not operate in isolation. They intersect with geopolitical tension, regulatory pressure, and market behaviour in ways that are difficult to model in advance.

The result is not just more risk but more interconnected risk.

What this actually means

The lesson is not that risk management has failed. It is that many organisations have been preparing for a version of risk that no longer exists.

Today’s environment is defined less by isolated crises and more by the interaction of multiple pressures: political, economic, technological, and regulatory. In that context, the objective shifts.

It is no longer about trying to anticipate every disruption. It is about building the capacity to interpret change early, challenge assumptions, and make better decisions under pressure.

A final thought

In a more volatile and less predictable world, the advantage does not come from having more information. It comes from knowing what matters to your organisation and acting on it in time.

This is where thoughtful risk advisory matters most: not as alarmism, and not as a substitute for leadership, but as a way to help organisations interpret change early, ask better questions, and make more grounded decisions under pressure. In a more volatile and fragmented world, the real value is often not in predicting every disruption, but in building the judgement, readiness, and decision-making discipline to navigate them more intelligently.