Materiality has long been anchored in financial reporting. Information is material if it influences investor decisions or affects financial performance. This approach has shaped how organisations identify, assess and disclose risk. 

However, the risk landscape has changed. Environmental, social and governance (ESG) factors increasingly influence performance, reputation and long-term viability. Stakeholders now expect transparency not only on financial outcomes, but also on broader impacts. 

Regulation has accelerated this shift. The EU’s Corporate Sustainability Reporting Directive (CSRD) formalises the need to assess and disclose both financial and non-financial risks. It moves materiality beyond a purely investor-focused concept. 

The perspective is evolving from “what affects the company” to also include “what the company affects”. This shift is at the core of double materiality and reflects a broader understanding of risk and value. 

What Is Materiality? A Quick Refresher 

Financial Materiality 

Financial materiality focuses on information that influences economic decisions. It is centred on investors, creditors and other financial stakeholders. 

Material issues are those that can affect: 

• revenues and costs  

• assets and liabilities  

• cash flows and profitability  

This perspective is embedded in accounting standards and financial disclosures. It provides a clear, measurable framework for assessing what matters. 

Limitations of Traditional Materiality 

While effective for financial reporting, traditional materiality has limitations. 

It largely ignores environmental and social externalities. Issues such as carbon emissions, labour practices or biodiversity loss may not be immediately reflected in financial statements, yet they carry significant long-term implications. 

The focus is also often short- to medium-term. Emerging risks that develop gradually can remain outside the materiality threshold until their impact becomes unavoidable. 

As a result, organisations may operate with an incomplete view of risk exposure. Critical drivers of future performance remain under-assessed or overlooked. 

What Is Double Materiality? 

Definition and Core Concept 

Double materiality expands the concept of materiality by introducing two complementary perspectives. 

• Financial materiality (outside-in): how external ESG factors affect the organisation’s financial performance.  

• Impact materiality (inside-out): how the organisation’s activities affect the environment and society.  

Together, they provide a more complete view of risk, impact and value creation. 

The Two Dimensions Explained 

The outside-in perspective assesses how sustainability risks translate into financial consequences. Climate change, regulatory shifts or social pressures can affect costs, revenues, asset values and business models. 

The inside-out perspective evaluates the organisation’s impact on the world around it. This includes environmental footprint, social impact and governance practices. These impacts may not be immediately financial, but they can influence reputation, regulatory exposure and long-term sustainability. 

Considering both dimensions ensures that risk assessment is not one-sided. 

Why It Matters Now 

Double materiality has moved from concept to requirement. 

Regulatory frameworks such as the CSRD and European Sustainability Reporting Standards (ESRS) require organisations to assess both financial and impact materiality. This introduces greater consistency and accountability in ESG reporting. 

At the same time, investors and stakeholders demand more transparency. They increasingly factor sustainability risks and impacts into their decisions. 

Most importantly, double materiality improves long-term risk visibility. It helps organisations identify emerging risks earlier and understand how external and internal impacts interconnect. 

Double Materiality and Risk Management 

Expanding the Risk Universe 

Double materiality broadens the scope of risk management. 

Traditional frameworks focused on financial, operational and compliance risks. Double materiality introduces additional dimensions, including: 

• climate risk and biodiversity loss  

• social and human capital risks  

• transition and physical risks linked to environmental change  

These risks are not separate. They interact with existing risk categories and can amplify overall exposure. 

Integration into ERM 

Integrating double materiality into enterprise risk management (ERM) requires connecting sustainability and risk functions. 

ESG risks should not sit in isolation. They need to be mapped to existing risk taxonomies, assessed alongside traditional risks and incorporated into reporting and governance structures. 

This integration breaks down silos and provides a consolidated view of exposure. It also ensures that sustainability considerations are embedded in core decision-making processes. 

From Compliance to Decision-Making 

Double materiality is often a reporting requirement. Its real value lies in decision-making. 

By identifying and prioritising material ESG risks and impacts, organisations can: 

• allocate resources more effectively  

• align strategy with long-term risks and opportunities  

• anticipate regulatory and market developments  

When used properly, double materiality shifts from compliance exercise to strategic tool. It enables organisations to manage risk proactively while supporting sustainable value creation. 

How to Perform a Double Materiality Assessment 

A double materiality assessment provides a structured way to identify, evaluate and prioritise ESG risks and impacts. It should be robust, documented and aligned with both regulatory expectations and internal decision-making. 

Identifying Relevant Topics 

The process starts with defining the scope of ESG topics. 

This involves mapping relevant environmental, social and governance issues based on industry standards, regulatory guidance and internal knowledge. Typical areas include climate change, resource use, workforce, supply chain and governance practices. 

Stakeholder engagement is essential at this stage. Inputs from investors, employees, customers and regulators help identify what matters externally, complementing internal risk perspectives. 

Assessing Impact Materiality 

Impact materiality evaluates how the organisation affects the environment and society. 

Assessment focuses on: 

• Severity of impact, including scale and seriousness  

• Scope, or how widespread the impact is  

• Irreversibility, or the extent to which harm can be mitigated  

Aditionally, likelihood is also considered, particularly for potential impacts. This structured approach ensures that both actual and potential effects are captured consistently. 

Assessing Financial Materiality 

Financial materiality focuses on how ESG factors affect the organisation’s performance and position. 

This involves analysing: 

• risks and opportunities linked to ESG topics  

• potential impact on revenues, costs, assets and liabilities  

• exposure across different time horizons (short, medium and long term)  

This step aligns closely with existing risk management practices, enabling integration into financial and strategic planning. 

Scoring and Prioritisation 

Once both dimensions are assessed, topics are scored and prioritised. A materiality matrix is commonly used to visualise results, combining impact and financial relevance. Thresholds determine which topics are considered material. 

Clear documentation is critical. Assumptions, methodologies and decisions should be traceable to support internal governance and external scrutiny. 

Challenges in Implementation 

While conceptually clear, double materiality presents practical challenges. 

Data and Methodology 

Data availability remains a key constraint. ESG metrics are often incomplete, inconsistent or difficult to quantify. 

Lack of standardisation across methodologies can lead to divergent results. Estimation is sometimes necessary, increasing uncertainty and requiring strong documentation. 

Governance and Ownership 

Double materiality sits at the intersection of sustainability, risk, finance and strategy. 

Unclear ownership can lead to fragmentation. Without coordination, assessments become inconsistent and difficult to operationalise. 

Strong governance is required to ensure alignment, accountability and integration into decision-making processes. 

Risk of “Tick-the-Box” Approach 

There is a risk that double materiality becomes a compliance exercise. 

Superficial assessments may meet reporting requirements but fail to provide meaningful insight. Over-reliance on templates or generic scoring reduces relevance. 

The objective should be substance over form. The value lies in analysis, not documentation alone. 

Benefits of Double Materiality 

When implemented effectively, double materiality strengthens both risk management and strategic decision-making. 

Better Risk Identification 

Double materiality broadens the risk lens. It enables earlier detection of emerging risks, particularly those linked to environmental and social factors. 

This forward-looking perspective improves preparedness and reduces the likelihood of unexpected shocks. 

Improved Transparency 

Clear identification and disclosure of material topics enhance reporting quality. 

This strengthens stakeholder trust, supports regulatory compliance and improves the credibility of sustainability disclosures. 

Strategic Advantage 

Double materiality supports informed decision-making. 

By linking ESG risks and impacts to strategy, organisations can: 

• allocate capital more effectively  

• anticipate market and regulatory changes  

• align operations with long-term value creation  

This moves risk management from reactive to proactive. 

Double Materiality in Practice: A Risk Perspective 

Double materiality is more than a reporting requirement. It is a framework that connects sustainability with core risk management. 

Integrating ESG considerations into financial risk frameworks requires structured approaches. Risk taxonomies, control frameworks and consistent methodologies provide the foundation for this integration. 

Tools, data and analytical models play a key role. Structured solutions — including those available through platforms such as your own — can support organisations in performing assessments, documenting results and embedding them into governance processes. 

Ultimately, double materiality reframes how organisations understand risk and impact. It shifts the focus from short-term financial performance to long-term resilience. 

Organisations that embrace this perspective are better positioned to navigate uncertainty, meet stakeholder expectations and create sustainable value.

The post Double Materiality – Financial and Social Impact appeared first on .

A clear distinction must be made between emerging risks and persistent risks. Emerging risks are new or rapidly evolving threats whose impact and likelihood are still uncertain. Persistent risks are known risks that continue to intensify or interact in new ways. 

By 2026, risks are expected to be faster-moving, more interconnected and harder to isolate. Traditional risk registers and silo-based assessments struggle to capture these dynamics. 

This article outlines the key drivers shaping the 2026 risk landscape, identifies major emerging and present risks, and highlights implications for risk management and governance. 

Understanding the Risk Landscape Concept

A risk landscape provides a high-level view of the most relevant risks facing an organisation at a given point in time. Unlike a risk register, it focuses on trends, interdependencies and forward-looking exposure. 

Modern risk landscapes recognise that risks rarely materialise independently. Financial, operational, technological and geopolitical risks often reinforce each other, increasing overall impact. 

Horizon scanning and scenario analysis are essential tools for understanding the risk landscape. They help organisations anticipate change rather than react to isolated events. 

Static assessments remain useful but insufficient. In a volatile environment, risk landscapes must be reviewed and updated regularly to remain relevant. 

Key Drivers Shaping the 2026 Risk Landscape

Macroeconomic and Financial Drivers 

Macroeconomic uncertainty remains a dominant risk driver. Interest rate volatility, high debt levels and uneven growth continue to challenge financial stability. 

Refinancing risk is increasing as debt matures in a higher-rate environment. This affects corporates, households and sovereigns, with potential spillovers to the financial system. 

Market liquidity remains fragile. Periods of stress may expose hidden leverage, valuation mismatches and concentration risks. 

Geopolitical and Geoeconomic Drivers 

Geopolitical fragmentation is reshaping global trade and investment. Strategic competition, regional conflicts and sanctions are increasing uncertainty and operational complexity. 

Economic nationalism and trade restrictions are disrupting established supply chains. Organisations face higher costs, reduced diversification and regulatory divergence. 

Energy security remains a structural concern. Price volatility and supply disruptions continue to affect inflation, production and strategic planning. 

Technological Drivers 

Digitalisation is accelerating across sectors. While enabling efficiency and innovation, it also increases dependency on complex and often opaque technology ecosystems. 

Artificial intelligence and automation are transforming decision-making processes. Governance, accountability and control frameworks are struggling to keep pace. 

Technology concentration and third-party reliance increase systemic risk. Failures at key providers can have widespread operational impact. 

Emerging Risks for 2026

Artificial Intelligence and Model Risk 

AI adoption is expanding rapidly, often faster than governance frameworks. Model opacity, data bias and explainability issues create new forms of risk. 

Regulatory expectations around AI are evolving. Uncertainty around compliance, accountability and liability increases legal and reputational exposure. 

Over-reliance on automated decision-making may weaken human oversight, particularly under stress conditions. 

Cyber and Digital Resilience Risks 

Cyber risk continues to evolve in scale and sophistication. Ransomware, supply-chain attacks and systemic outages pose growing threats. 

Digital incidents increasingly affect critical services, financial stability and public trust. Recovery times and costs are rising. 

Cyber resilience is becoming as important as cyber prevention. Business continuity and response capabilities are key differentiators. 

Climate and Environmental Transition Risks 

Climate risk is shifting from a long-term concern to a near-term financial risk. Physical events and transition pressures are materialising faster than expected. 

Regulatory, legal and investor scrutiny is increasing. Organisations face higher compliance costs and litigation exposure. 

Insurance availability and affordability are becoming constraints, particularly in high-risk regions and sectors. 

Social and Workforce Risks 

Labour markets remain tight in key skill areas. Talent concentration increases dependency on critical individuals and teams. 

Remote and hybrid working models introduce control, culture and operational risks that are not yet fully embedded in risk frameworks. 

Demographic trends place pressure on productivity, public finances and workforce planning. 

Persistent and Heightened Risks

Financial and Credit Risks 

Credit risk remains elevated across sectors. Defaults, restructurings and counterparty stress are likely to increase in a weaker growth environment. 

Risk concentration is a growing concern. Correlated exposures reduce diversification benefits during downturns. 

Liquidity and funding risks persist, particularly for highly leveraged or market-dependent entities. 

Operational and Supply Chain Risks 

Operational resilience remains uneven. Dependencies on critical suppliers and single points of failure continue to expose organisations to disruption. 

Reshoring and nearshoring reduce some risks but introduce others, including cost pressures and execution challenges. 

Business continuity frameworks often lag behind the complexity of modern operations. 

Regulatory and Compliance Risks 

Regulatory requirements are expanding in scope and complexity. Divergence across jurisdictions increases compliance risk and operational burden. 

Supervisory expectations around governance, data quality and risk management are rising. 

Failure to meet regulatory standards increasingly results in reputational damage, not just financial penalties. 

Interconnected and Systemic Risk Themes

Interconnection is a defining feature of the 2026 risk landscape. Shocks propagate quickly across sectors and geographies. 

Correlation increases under stress, undermining traditional diversification assumptions. Risks that appear independent in normal conditions may materialise simultaneously. 

Systemic risk is no longer confined to the financial sector. Technology, climate and geopolitical risks can trigger system-wide disruption. 

Effective aggregation and scenario analysis are essential to understand these dynamics. 

Implications for Risk Management and Governance

Silo-based risk management is increasingly ineffective. Fragmented approaches fail to capture cross-risk dependencies and escalation pathways. 

Enterprise risk management plays a central role in integrating risk perspectives and supporting strategic decision-making. 

Boards require clearer, more forward-looking risk information. Risk appetite and tolerance frameworks must be stress-tested against emerging scenarios. 

Governance structures must balance oversight with agility. Excessive complexity can slow responses in fast-moving situations. 

Preparing for the 2026 Risk Landscape

Scenario-based risk assessment is critical. Organisations should explore severe but plausible scenarios rather than rely on point forecasts. 

Stress testing and reverse stress testing help identify vulnerabilities that may not be visible in baseline conditions. 

Risk culture and escalation mechanisms must support early identification and decisive action. 

Data and analytics can enhance insight, but only if supported by sound governance and judgement. 

Call to Action

The 2026 risk landscape is defined by uncertainty, interconnection and speed. Emerging risks are becoming material faster, while persistent risks continue to intensify. 

Effective risk management is less about prediction and more about preparedness. Organisations that understand their risk landscape are better positioned to respond and adapt. 

To explore practical tools, insights and frameworks that support forward-looking risk analysis and enterprise risk management, visit our website and strengthen your approach to managing future risk. 

The post 2026 Risk Landscape: Emerging and Persistent Threats appeared first on .

What is Information Risk? 

Information risk refers to the potential for harm or loss resulting from the mishandling, compromise, or unavailability of data. This includes any threat that affects how information is created, stored, accessed, processed, or shared. It spans across digital and physical environments and can impact business operations, compliance, financial performance, and reputation. 

Why It Matters 

In a data-driven world, information is a core asset. Poor management of information risk can lead to data breaches, system outages, regulatory penalties, and loss of stakeholder trust. Managing these risks is critical for maintaining business continuity, legal compliance, and competitive advantage. 

How Is Information Risk Different from Cybersecurity or Data Protection? 

While closely related, these concepts have distinct scopes: 

• Cybersecurity focuses on protecting IT systems from malicious attacks such as malware, phishing, or hacking. 

• Data protection is about ensuring personal or sensitive data is used lawfully and kept private. 

• Information risk is broader—it includes cybersecurity and data protection but also covers risks from internal processes, third-party vendors, human error, and non-malicious events that could impact data integrity or availability. 

Types of Information Risk

Confidentiality Breaches

Unauthorised access to sensitive information, such as customer records, intellectual property, or financial data. These breaches can result from hacking, phishing, poor access controls, or lost devices. 

Impact: Loss of trust, legal penalties, and reputational damage.

Integrity Loss

Data integrity risk involves unauthorised or accidental changes to information, making it unreliable or corrupted. This could occur due to system errors, insider manipulation, or malware. 

Impact: Faulty decision-making, financial misstatements, and operational failure. 

 Availability Issues

Risks that affect the accessibility of information when needed. Examples include denial-of-service (DoS) attacks, system outages, hardware failures, or natural disasters. 

Impact: Business disruption, downtime costs, and loss of customer service. 

 Legal and Regulatory Risks

Failure to comply with laws such as GDPR, HIPAA, CCPA, or financial regulations can expose your organisation to audits, fines, and lawsuits. 

Impact: Regulatory sanctions, legal fees, and reputational harm. 

 Insider Threats and Human Error

Employees, contractors, or partners may unintentionally or maliciously put information at risk—through misconfigured systems, weak passwords, or deliberate sabotage. 

Impact: Data leaks, security breaches, and increased internal monitoring costs. 

 Third-Party/Vendor Risk

Businesses increasingly rely on external vendors for cloud services, IT support, or data processing. If these vendors lack proper security controls, your information is exposed. 

Impact: Shared liability, data exposure, and service interruptions. 

Drivers of Information Risk in 2025 

The information risk landscape is rapidly evolving. Several key trends and technological shifts are increasing the complexity and severity of threats businesses must manage: 

AI and Automation-Related Vulnerabilities 

The growing integration of artificial intelligence and automation introduces new risks. These include data poisoning, algorithmic bias, and system manipulation. As your organisation become more reliant on AI, vulnerabilities in machine learning models and automated decision-making processes can lead to significant exposure. 

Cloud Migration and Hybrid Workforces 

With more data being stored and accessed across cloud platforms and by remote employees, the risk surface has expanded. Misconfigured cloud services, weak endpoint security, and inconsistent access controls make it harder to monitor and protect information effectively. 

Increasing Regulatory Scrutiny 

Governments and regulatory bodies are tightening data protection laws. From GDPR in Europe to evolving privacy legislation across the globe, compliance requirements are becoming more complex. Failure to align with these regulations can lead to severe penalties and reputational harm. 

Rapid Growth of Data Volume 

The explosion of data from sources such as IoT devices, mobile apps, and big data analytics increases the challenge of managing information securely. The more data your organisation handles, the greater the risk of breaches, loss, or misuse if not properly classified, monitored, and protected. 

Business Impacts of Poor Information Management 

Failing to manage information risk effectively can have wide-reaching consequences for any organisation. The following are some of the most critical impacts: 

Financial Losses 

Direct costs from data breaches, legal penalties, regulatory fines, and incident response can be substantial. Indirect costs such as loss of business and increased insurance premiums further amplify the financial burden. 

Reputational Damage 

Public exposure of data incidents can quickly erode brand value and stakeholder confidence. Rebuilding a damaged reputation takes time, resources, and a proven track record of improved risk management. 

Operational Disruptions 

Information risk incidents, such as ransomware attacks or system outages, can halt operations, delay service delivery, and impact supply chains. This disruption can lead to lost revenue and customer dissatisfaction. 

Loss of Customer Trust and Competitive Edge 

In an environment where trust is a competitive differentiator, mishandling information can drive customers and partners to competitors. Long-term loyalty depends on maintaining high standards of data protection and transparency. 

The Future of Information Management 

As the digital landscape continues to evolve, so too must the strategies used to manage information risk. The future of risk management lies in smarter, faster, and more integrated approaches that anticipate threats before they materialise. 

AI-enabled risk detection will play a critical role, using machine learning to identify anomalies, flag suspicious behavior, and respond to incidents in real time. These intelligent systems can significantly reduce detection time and improve response accuracy. 

Predictive analytics and automation will further enhance risk management by enabling proactive decision-making. By analysing trends and historical data, your organisation can forecast potential vulnerabilities and automate controls to prevent breaches before they occur. 

Additionally, information risk is becoming a central element of ESG (Environmental, Social, and Governance) and sustainability reporting. Stakeholders now expect business to demonstrate responsible data stewardship as part of their broader commitment to ethical and sustainable practices. 

In this environment, managing information risk is no longer just a technical issue—it is a strategic imperative. Organisations that invest in forward-looking, data-driven risk frameworks will not only protect their assets but also gain a competitive edge in a trust-driven economy. 

The post New Information Risk Landscape appeared first on .