
Risk is no longer episodic. It doesn’t spike and recede with a single crisis or headline event. Instead, today’s organizations are operating in an “always on” risk environment — one defined by overlapping geopolitical uncertainty, rapid regulatory change, cyber threats, AI-related risks and ongoing supply chain disruption.
That reality is reshaping how risk is managed and who is responsible for coordinating it.
Today, Diligent Institute is launching the 2026 General Counsel Risk Index, our latest global research study capturing how general counsel and senior legal leaders view the current risk landscape and how they are evolving their role at the center of governance, risk and compliance (GRC).
The findings point to a clear shift: GCs are increasingly acting as enterprise-wide risk conductors, coordinating risk and compliance across the organization — often without the fully integrated systems, reporting structures, or AI-enabled tools to support that mandate.
When asked to rate the current level of risk facing their organization on a scale from 1 to 10, GCs put it at an average of 7. That signal of sustained, elevated risk is driven not by one dominant threat, but by a complex combination of pressures.
The most frequently cited drivers of risk include geopolitical conflicts, regulatory change, AI-related risks, cyber threats and supply chain disruptions. Together, they illustrate a risk environment that is interconnected, fast-moving and difficult to manage in isolation.
For many legal leaders, this complexity has translated directly into how they spend their time.
The data shows a profession in transition. Sixty-seven percent of respondents say the time they spend on enterprise-wide risk management and compliance has increased in the past year, while just 2% report a decrease. Nearly half say they now spend between 21% and 40% of their time, or 1-2 days in a given week, coordinating risk and compliance activities — time that historically would have been spent on more traditional legal work.
In practice, this means GCs are often acting as the connective tissue between compliance, risk, legal, the C-suite and the board. They are helping to surface emerging risks, align responses and ensure decision makers have visibility into what matters most.
But while expectations are rising, infrastructure hasn’t caught up.
Despite the growing scope of responsibility, only 19% of legal leaders say their governance, risk and compliance systems are fully integrated. Most describe their GRC environment as only somewhat integrated (or not integrated at all), leading to fragmented data, inconsistent reporting and a heavier coordination burden for legal teams.
Reporting structures vary widely as well. In some organizations, both risk and compliance leaders report directly into legal. In others, responsibilities are split across finance, operations, or the CEO’s office. There is no single model or clear consensus on how enterprise-wide risk ownership should be structured.
What is consistent, however, is the challenge of translating complex risk signals into clear, board-ready insight.
Only 21% of GCs say they are very confident that their board receives the right mix of focused, forward-looking and non-overwhelming risk information.
This gap matters. Boards are being asked to oversee a broader and more dynamic risk agenda than ever before, including new questions about AI adoption, data privacy, cyber resilience and regulatory exposure. When risk information is fragmented, backward-looking, or overly dense, board oversight suffers.
AI has the potential to help, but it also introduces new tensions.
While AI tools are beginning to deliver gains for legal teams, progress is uneven. Just 52% of respondents say they’ve seen significant or measurable efficiency improvements from AI in the past six months.
At the same time, GCs express real concerns about bringing AI into the boardroom. Data privacy, hallucinations and directors’ ability to appropriately interpret AI-generated insights are recurring themes — underscoring that AI governance is quickly becoming a board-level issue, not just a technical one.
The latest GC Risk Index brings together insights from 147 senior legal leaders across industries, regions and organizational sizes. It offers a benchmark for understanding how risk is perceived today and how the role of the GC is expanding in response.
More importantly, it surfaces a set of practical questions for organizations to consider:
The 2026 GC Risk Index launches today at our Elevate conference and is available now on Diligent.com. The full report includes detailed benchmarks, comparative cuts and practical takeaways for legal leaders, boards and the C-suite.
As the risk environment continues to evolve, one message from the data is clear: the role of the GC is no longer confined to legal interpretation alone. It is increasingly about orchestration: connecting governance, risk, compliance and technology in a way that enables stronger oversight in an always-on world.
Download the 2026 GC Risk Index to explore the findings in full.