Aon’s 2025 Global Risk Management Survey highlights the top risks for business leaders around the world. Alison Goodwin, public sector practice leader at Aon, and Anthony Connolly, strategic risk consultant at Aon, explore how these risks affect public sector organisations and the steps they can take to remain resilient.
Understanding the risks an organisation faces and how these evolve and interact is key to building greater resilience. And, with the risk landscape more dynamic and connected than ever, this insight can help organisations be better prepared and protected.
Aon’s Global Risk Management Survey (GRMS), which is based on research across nearly 3,000 decision makers, highlights the top risks and how they affect organisations. Run every two years, it enables organisations to see how risks are evolving and put appropriate mitigation in place.
Top risks
Cyber is the top risk, both current and future. Threats are constantly evolving but the research found that only a small proportion of organisations have quantified their cyber exposure. Without this, it can be difficult to manage this risk effectively.
Also in the top three are business interruption and economic slowdown. These highlight the importance of building resilience into an organisation, enabling risks to be identified quickly and appropriate mitigation action put in place to keep operations running.
There were some notable movements outside the top three. Geopolitical volatility entered the top 10 for the first time, reflecting concerns about how events such as war and sanctions might disrupt supply chain and trade.
Conversely, human capital risk dropped out of the top 10. This may simply be because attention has shifted to areas such as cyber and technology-driven threats but, with the right talent key to dealing with every risk, attracting and retaining the right people should remain focus for every organisation.
Public sector implications
The findings of the survey make valuable reading for public sector organisations. They face the same top-end risk profile as large UK corporates but with the additional hurdles of tighter budgets, legacy technology and political constraints.
There’s a further challenge for many public sector organisations. Restructuring programmes – whether local government reorganisation, police mega-force proposals, or the first super-university – are creating significant change in organisations.
Bringing together different systems and cultures makes it harder to manage risk. Focus can shift to reorganisation, and key skills, talent and knowledge can be lost. Ensuring risk is properly understood and appropriate measures are put in place during any transition phase is essential.
GRMS also highlights the importance of a more forward-thinking approach to managing risk. Risks are constantly evolving and interconnected so understanding how the demographics and needs will shift over time enables an organisation to deliver the right services and risk management strategies.
This is particularly important for public sector organisations given the critical nature of many of their services. Using data, both an organisation’s own but also external sources, can help project and prepare for future needs.
Risk strategy priorities
As well as building organisational resilience by taking a more long-term view, GRMS highlights three key areas that UK public sector risk managers should prioritise.
These, the actions organisations can take, and the support Aon can provide, are as follows:
- Cyber and technology risk
Cyberattacks and data breaches are common in the public sector, with the attack on multiple London councils in November 2025 a recent example. And, with public sector organisations holding highly sensitive citizen data and running critical infrastructure, an attack can cause long-lasting disruption and reputational damage.
To protect themselves, organisations must start with a better understanding of the risk. We recommend moving from qualitative ‘red/amber/green’ assessments to scenario-based cyber quantification. What would happen if ransomware took core systems offline for 15 days? Or a major data breach put citizens’ sensitive data at risk?
Cyber risk assessments should also be aligned with government standards (NCSC guidance) and information governance requirements (ICO, Data Protection Act).
It’s also sensible to review your organisation’s cyber insurance strategy. Determine what cover is in place and then test the limits, any sub-limits and exclusions, and the incident response support against realistic scenarios.
At Aon, we can support you with a range of tools and expert cyber advice. This includes cyber risk quantification and modelling; coverage gap analysis, incident response planning and tabletop exercises; and advice on AI governance and model risk. We can also help you arrange cyber insurance. More competition in the market means it’s much easier to arrange cover and even organisations that may have been declined in the past could get insurance.
- Business interruption, resilience and supply chain fragility
Public sector organisations are increasingly dependent on complex ecosystems, whether that’s through outsourcing, cloud technology, or voluntary sector partners. But, where a supplier fails, it can seriously disrupt an organisation’s operations too. The risk of this is heightened by increased geopolitical volatility. Conflict, sanctions or the introduction of tariffs could seriously affect existing supply chains.
Identifying potential vulnerabilities by mapping end-to-end service delivery chains for critical public services is essential. Resilience should also be stress-tested for potential scenarios such as a cyberattack on a supplier; loss of a technology provider; or disruption due to conflict. Organisations are facing very different risks to 10 years ago, with the shift to more remote working a key example, so consider how this shapes the risk landscape.
As risk is heightened, contingent business interruption and non-damage wordings should also be re-examined to ensure cover will respond appropriately.
We can support this work and help you look to improve resilience across your organisation and its supply chains. This includes enterprise risk and resilience diagnostics, using GRMS benchmarks to compare your position against that of your peers; scenario analysis and business interruption modelling, which can help to set resilience and insurance priorities; and supply chain mapping and political risk advice for organisations with global supply chains.
- Governance, data and analytics
GRMS shows that UK organisations are ahead of their global peers when it comes to tracking exposure to risks and demonstrating insurance programme value. But, with the government focusing on value for money and outcome-based assurance, more work can be done to show how investment in risk and insurance delivers.
To strengthen this governance, risk managers should adopt a data-driven approach to risk. This enables them to quantify key risks, especially cyber and major operational outages, and track total cost of insurable risk, including premiums, retained losses and risk improvement costs. This will make it easier to evidence decisions on limits, deductibles and self-insurance.
Governance should also be strengthened for emerging risks such as AI, ESG scrutiny and climate transition. Quantifying these risks and integrating them into strategic planning will create greater resilience.
Aon can support your work in this area. We have risk financing and total cost of risk tools to optimise the balance between insurance, self-insurance, reserves and risk mitigation. We can also benchmark your organisation against GRMS peers on areas such as risk maturity and board engagement levels to help you win the business case for change.
Supporting your organisation
Whether it’s support with the three priorities outlined above; advice around reorganisation to ensure risk is understood and managed throughout the process; or expertise around adopting a more long-term view to building resilience, Aon can help. As well as our expertise in the public sector, we have a specialist risk consulting team who can provide additional support.
More information
To discuss any of the issues in this article – or to receive your copy of the Global Risk Management Survey – speak to your Aon account manager or contact Alison Goodwin at [email protected].
About Aon
Aon plc (NYSE: AON) exists to shape decisions for the better — to protect and enrich the lives of people around the world. Through actionable analytic insight, globally integrated Risk Capital and Human Capital expertise, and locally relevant solutions, our colleagues in over 120 countries provide our clients with the clarity and confidence to make better risk and people decisions that protect and grow their businesses.
The information contained herein and the statements expressed are of a general nature and are not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information and use sources that we consider to be reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.
Follow Aon on LinkedIn, X, Facebook and Instagram. Stay up-to-date by visiting the Aon's newsroom and sign up for News alerts here. ©2026 plc. All rights reserved.
This article has been compiled using information available to us up to 12/02/2026.
Aon UK Limited is authorised and regulated by the Financial Conduct Authority. Aon UK Limited is registered in England and Wales. Registered number: 00210725. Registered Office: The Aon Centre, The Leadenhall Building, 122 Leadenhall Street, London EC3V 4AN. Tel: 020 7623 5500.
FP.PS.2026.732.SD