As 2025 closes and we take our first steps into 2026, it’s the perfect opportunity to pause and reflect over the past year. What did we learn? And how can we, especially within the Risk Intelligence framework, use the insights we’ve gained from working closely with our partners and clients to provide them with the intelligence-led solutions they need to grow? Let’s take a closer look at these key learnings and best practices.
Security continues to evolve into a key strategic role
For years, security leaders have called for a seat at the decision-making table. Faced with the complex threats and risks that come from an interconnected world, business leaders are increasingly coming to understand that security is more than ‘guards on gates, and cameras in corners’.
In 2026, we will continue to see security integrated throughout the organization – both vertically and horizontally. Security must align with business operations. This means connecting an increasingly volatile, uncertain, complex, and ambiguous (VUCA) threat landscape with the practical needs unique to each organization, such as asset protection, event security, supply chain risk management, and crisis management.
The next generation of threats requires the next generation of security
Security functions are evolving beyond ‘traditional’ threats like crime or terrorism to include protests, environmental events, executive protection, information disorder, and even health crises. The challenge lies in proactively taking initiative and ownership of these ‘next generation’ threats.
Organizations leading in this space take a holistic view of security risks across the organization. The key to success is to break down silos between functions and include intelligence-led strategies to mitigate threats before they become risks.
Situational understanding is critical
Constantly reacting to geopolitics, unrest, crime, terrorism, and cyber threats can lead to a crisis-led threat landscape. Situational awareness is important, but it’s not enough. It’s more important to establish situational understanding. This goes beyond ‘what is happening’, and provides the all-important ‘so what?’
In practice, this turns ‘raw data’ surrounding a local or global event into finished intelligence that provides a real-time assessment of the impact, a forecast of what could happen next, and an advisory of effective courses of action to manage a risk or realize an opportunity.
Closing the gaps revealed in 2025
One of the biggest vulnerabilities we saw in 2025 was organizations that treat security as a static, day-to-day operation with a ‘red-button’ response. This reactive mindset is not equipped to successfully navigate the risks we face in a VUCA threat landscape.
Other common mistakes and blind spots include:
- Treating every incident as ‘unpredictable’. Most security events, including protest actions or workplace violence, have identifiable signs that were missed.
- Misalignment between perceived and actual threats. Many organizations prioritized cyber threats at the expense of other threats, such as geopolitics, activism and boycott, insider threat or supply-chain disruptions. Cyber threats are a very real and present threat, but every threat should be assessed based on the risk it poses and practical solutions to manage it.
- “Data but no decisions.” Organizations are collecting massive amounts of data from an increasing number of sources 24/7, 365 days of the year. Many teams are overwhelmed by the volume, which leads to a disconnect between insights gained and action taken.
Proactive security in action
By adopting a proactive, intelligence-led security strategy, blind spots and common mistakes can be avoided. Here are some examples from 2025:
- Risk intelligence for a global technology client: We helped a global technology organization move from responding to sabotage risks as they occurred to identifying potential indicators and warnings that helped them make smarter decisions, continue their operations, and avoid costly disruptions.
- Activist early warning for technology client: We identified online mobilization 72 hours before a direct-action incident. The early warning enabled the client to adjust security posture and coordinate with business stakeholders and avoid an estimated $250–300K in operational disruption, reputational damage, and emergency contractor call-outs.
- Insider threat detection for a critical national infrastructure client: We identified multiple insider threats planning to disrupt key operational locations, in addition to sabotaging events and targeting executive residents with criminal acts. The intelligence helped our client mitigate threats to their employees and protect their brand and reputation.
Moving into 2026 with confidence
In 2025, we saw that resilience matters more than prevention alone, better intelligence drives smarter decisions, and integrating security strategies beyond silo-mindsets leads to a holistic security plan.
Leaders increasingly want one integrated operational picture that includes threats, assets, vulnerabilities and risks, along with actionable steps they can take to mitigate threats and navigate what’s around the corner. We step into 2026 committed to coming alongside our clients with simple, actionable intelligence so they can make smarter decisions and continue to grow their business.
For a deeper look at the emerging threats and risks on the horizon in 2026, visit our website to request our 2026 Annual Intelligence Estimate. This exclusive report reveals the top security challenges expected in the year ahead, and shows you how to protect what matters most in a VUCA world.
