Risk management has always been about anticipating the unexpected. But we feel the latest 2025 Gartner® 2025 Risk Report makes it clear: the nature of risk is changing faster than many organizations can adapt. The rise of AI, expanding regulatory demands, and increasingly fragmented data landscapes mean that risk leaders must rethink how they approach resilience.
Several themes from Gartner’s research stood out to us that align with modern risk models. Here are the key takeaways from the report and our perspective on what actions organizations can take to strengthen their own strategies:
1. Risk Blind Spots Start with Fragmented Data
One of the points from Gartner is that risk blind spots rarely come from a lack of effort; they come from a lack of visibility. Risk and security data remain scattered across business units, IT systems, and supply chains. That fragmentation makes it nearly impossible to detect weak signals early or respond with speed.
This experience is something we hear from our customers, too. When data lives in silos, teams are forced into a reactive stance, chasing alerts and reconciling conflicting sources rather than building a holistic picture of risk. The lesson is clear: a unified data foundation is the prerequisite for any modern risk strategy.
Here are examples of how leading companies are modernizing their data foundation:
- Zillow mitigates operational risk through automated dashboard analysis and AI-driven insights—helping its teams streamline on-call support and mission-critical operations by eliminating fragmented, manual processes.GM Financial built a unified customer view with strong governance.Shell manages all its analytics and AI workloads on a single platform—demonstrating how eliminating silos creates a single source of truth for decision-making.
2. Data Governance Moves to the Frontline
Governance has historically been seen as a cost center and compliance exercise—important, but peripheral to day-to-day operations. Gartner discusses a major shift: governance is becoming a frontline capability and business enabler.
Why? Because AI, cloud expansion, and regulatory scrutiny are converging. Organizations need greater assurance around access controls, data lineage, and accountability. Without it, innovation stalls under the weight of uncertainty.
We believe that organizations that unify data governance create a trusted source of truth, enabling faster action, more confident decision-making, and the ability to move quickly without introducing new exposure.
How enterprises are innovating faster with unified governance:
- IQVIA improved query performance and governance in healthcare analytics with Databricks, strengthening compliance and operational effectiveness.Bradesco Bank increased data integrity and business agility by building its in-house customer data platform with Databricks tools.
3. AI Governance Helps Combat AI Risk
Gartner mentions the double-edged nature of AI. On the one hand, automation and machine learning are transforming how risks can be detected, monitored, and mitigated. On the other, AI itself introduces new risks: explainability, compliance, and the governance of model outputs.
This is a balancing act we see across industries. The answer isn’t to slow down AI adoption, but to put robust guardrails in place from the start. That means embedding governance directly into AI workflows, continuously evaluating models for accuracy and bias, and ensuring the underlying data is secure and trusted. AI should amplify human expertise, not create new vulnerabilities and roadblocks.
Organizations are already striking this balance:
- DraftKings powers its real-time fraud detection pipeline with Databricks streaming and ML, enabling rapid and accurate threat identification.McDonald’s employs Databricks machine learning to optimize restaurant site selection and support high-stakes business decisions.
4. The AI Security Talent Gap Won’t Close on Its Own
Another key finding from this report is the persistent shortage of skilled risk and security professionals. As the attack surface expands and regulations multiply, teams are asked to do more with less.
Data can serve as a force multiplier. Teams equipped with self-service insights, automation for routine investigations, and high-fidelity signals can operate with far greater efficiency. Instead of wading through thousands of low-value alerts, analysts can focus on high-impact threats.
The Navy’s story illustrates this well: by building a model on Databricks to review $40B of financial transactions, they saved over 200,000 work hours, freeing teams to focus on higher-value risk and compliance initiatives.
5. Integrating Agility and Resilience into AI Risk Strategies
Gartner discusses the need for agile risk programs that adapt quickly to new conditions while maintaining resilience.
We believe agility starts with the data itself. Organizations that unify all sources— clouds, systems, formats—gain visibility to anticipate issues rather than react to them. The foundation of an agile risk program starts with unified governance, which provides this visibility and allows risk teams to pivot quickly when needed.
Here’s how two leading companies are approaching modern risk management:
- Michelin demonstrates the importance of agile risk management with its adoption of a Data Mesh on Databricks, empowering business users and streamlining operations across ERP and analytics.Adobe leverages the Databricks security lakehouse to perform real-time, large-scale cybersecurity analysis—helping its teams adapt rapidly to new threats.
Modern Risk Management Is a Dynamic System
We feel the Gartner findings point to a fundamental transition. Risk management is about creating a dynamic system powered by unified data, governance, and responsible AI, and agility.
The winners will be those who:
- Treat governance as a core capability, not an afterthought.Break down data silos to eliminate blind spots.Harness AI responsibly to augment human expertise.Empower teams with tools that reduce fatigue and increase focus.Build for agility, so resilience becomes a competitive advantage.
Closing Thoughts
In our opinion, the Gartner report is a call to action for security and risk leaders everywhere. The risks we face—cyber, operational, financial, regulatory—are only becoming more interconnected. Meeting that challenge requires not just more controls, but smarter foundations: unified data, embedded governance, and AI that is both powerful and safe.
For a deeper look at the Gartner research and recommendations, we encourage you to read the full report.
Gartner Reports: Gartner, 2025 Gartner® 2025 Risk Report, Avivah Litan, Max Goss, Sumit Agarwal, Jeremy D'Hoinne, Andrew Bales, Bart Willemsen, 18 February 2025
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
