Whose risk is it anyway? How positions and perspectives inform digital risks

The IAPP's Navigate Digital Risk Index 2025 charts the top digital risks as selected by global leaders in the digital space. The DRI blends the technical with the human, highlighting that digital risk is not just a matter of external threats but also of perspective and context.

One of the most compelling takeaways from discussions on the DRI at the Navigate: A Digital Policy Leadership Retreat is that, while digital risks are broadly shared, their intensity, framing and risk management priorities vary significantly across sectors and roles.  

Shared risks across the board

Many risks resonate across industries and positions. Although the manner of risk varies, cybersecurity stands out as a genuine area of concern for organizations of all types. 

Ropes & Gray Partner for Data, Privacy and Cybersecurity Edward McNicholas, CIPP/US, describes the danger in cyberattacks that seek results other than an immediate monetary payment. McNicholas explains that "the hostilities with Iran will continue to pose new risks of destructive cyberattacks designed to inflict harm without any other economic motive. Ransomware attacks present at least the possibility of negotiation. Attacks by Iran or its proxies would be designed simply to destroy infrastructure, disrupt supply chains and terrorize people."

Fabienne Tegeler, head, section liaison office and legal affairs at Federal Office for Information Security and chair of the European Union Agency for Cybersecurity Management Board, reflected that the top reported geopolitical risks on the DRI "underscore the need for organizations to strengthen cyber resilience, improve threat detection and reassess geopolitical exposure. At the same time, 51% point to the growing dependency on third-party vendors as a major technological risk, highlighting the importance of robust vendor risk management, supply chain transparency and contingency planning."