U.S. organizations are struggling with rising corporate litigation risk, financial crime exposure, AI regulation challenges and cybersecurity threats, alongside significant preparedness gaps, according to AlixPartners’ 2026 U.S. Risk Survey.
“These findings offer an important signal for C‑suites and their boards. As risks continue to evolve, organizations benefit from taking a clear view of where they may be exposed and reinforcing their defenses,” says Sean Dowd, partner and managing director at AlixPartners. “That starts with rigorously identifying the most consequential vulnerabilities and taking a pragmatic approach to addressing them.”
Key takeaways:
· More than 60% of respondents expect corporate disputes to increase in 2026, as economic uncertainty, AI-driven upheaval and cryptocurrency adoption deepen litigation exposure.
· Eight in 10 say developing federal AI policy—in its relaxed framing—poses strategic risk to compliance efforts in an increasingly fragmented regulatory landscape.
· Cybersecurity incidents rank as the most concerning risk event in the next 12 months (65%), yet less than half (48%) are “very prepared” to address cyber threats, even as attacks escalate.
· Fewer than half (48%) of respondents feel “very prepared” to address financial crime and fraud in 2026. Technology investment remains the top resource to combat it, yet confidence in risk-detection technologies dropped 20% year-over-year.
· Accelerating AI adoption poses internal and external risks, with about half of organizations still lacking key elements of AI governance, such as an AI governing body/committee. The share who see AI-powered attacks as a top cybersecurity concern doubled from 2025—to 34% from 17% last year—but nearly three quarters (74%) have not completed system upgrades to address such threats.
· Nearly six in 10 (58%) cite data privacy as among the most concerning risk events their organizations face, but action lags awareness. Only 50% say their organizations are enhancing or plan to enhance data encryption, for instance, even though 73% say that measure is among the most important to address data privacy challenges for companies in their industry.
· A majority (59%) is either already using crypto for payments and transactions or testing use cases. Yet the lack of more involved safeguards heightens risk: fewer than half (45%) have escalation and off-ramp procedures in place, while just 44% conduct third-party risk assessments for BaaS/Fintech partners.
· Amid mounting geopolitical tensions, only about a third (35%) of organizations are “very prepared” for potential changes in sanctions, compared to 44% who said the same in 2025.
