For decades, technology has been the engine propelling industries into new eras of possibility. From medicine to finance, from supply chains to our everyday routines, technology has not only increased efficiency and driven down costs but fundamentally reimagined the fabric of modern life. Each generation finds itself more intimately entwined with technological advances than the last, often in ways that would have been unimaginable to their predecessors. Now, as we stand on the brink of a new epoch in financial services, a digital transformation is gathering momentum. Tokenization, digital assets, and blockchain offer to overhaul a system that, just half a century ago, was mired in paper records. Meanwhile, the relentless drive for innovation pushes firms to weave artificial intelligence into the heart of their operations, empowering employees to rethink productivity and reimagine business models. Beneath these headline technologies lies a less glamorous but essential backbone: Position, Navigation, and Timing (PNT) systems. Once a background utility, PNT is now thrust into the foreground as recent incidents expose the urgent need to fortify these systems against failure and the cascading risks such failures could unleash.

As innovation is embedded through the financial sector, one truth grows ever clearer: Risk professionals can no longer afford to be bystanders in the technological revolution. Too often, cyber professionals have been left out of critical conversations, relegated to the sidelines, or thrust into the spotlight and held responsible for risks beyond their direct purview.  Rather than offering up the usual list of top cyber or technology risks for the current year, let’s raise the bar.

Firms must embed cyber professionals at the genesis of transformative projects, ensuring their expertise shapes the trajectory from day one. Equally crucial is a willingness to further scrutinize the nuanced risks embedded in new technologies and to apportion responsibility with clarity and purpose. Only then can organizations hope to manage risk with the sophistication that this era demands.

Digital Assets / Tokenization

Digital assets, recorded on programmable ledgers such as blockchains, are not merely the next chapter in the evolution of financial markets, they are the new foundation. This shift promises a landscape with fewer intermediaries, the advent of smart contracts and decentralized applications (dApps), and a reconceptualized financial ecosystem. Financial institutions are scrambling to decode what this means for their strategies: Will they expand existing offerings? Forge entirely new products? Build proprietary blockchain environments or plug into external platforms? Yet, amid this surge of experimentation, a critical voice is often absent. Cyber organizations, the very teams tasked with identifying and mitigating technology risk, are too frequently excluded from the earliest stages of risk assessment and solution design. As an example of technology risk, the flattening of technology stacks through the decrease of intermediaries doesn’t just streamline processes, it amplifies the reach of potential cyber incidents threatening to ripple across entire markets.

While firms have made commendable progress in mapping out settlement, credit, default, and other market risks tied to digital assets and tokenization, a glaring gap remains. Without a robust and comprehensive cyber risk review, organizations risk overlooking the systemic vulnerabilities that lurk beneath the surface. These vulnerabilities, in a world of ubiquitous technology-driven decision-making, could trigger consequences far beyond traditional financial shocks.

Generative and Agentic AI

Artificial intelligence has transitioned from a buzzword to a business imperative, reshaping industries with breathtaking speed. Companies are pouring resources into embedding AI into their operations, while employees leverage these tools to increase productivity, and vendors redefine their value propositions through AI-driven services. The trajectory is unmistakable: AI is not just finding its footing in business and society, it is rapidly becoming indispensable.

Yet the rise of AI has far outpaced cyber professionals’ ability to craft industry-accepted standards or devise comprehensive risk mitigation measures. In some cases, the risks themselves remain undefined. While organizations gradually improve their AI risk management, blind spots remain. The 2025 Stanford AI Index Report reveals a telling paradox: 21% of surveyed businesses have placed primary responsibility for AI governance on information security departments that may, inadvertently, blur lines of accountability and obscure legal or regulatory pitfalls. As frameworks for Responsible AI continue to improve, regulators expect companies to manage their AI risks, especially when these algorithms significantly impact markets or consumers. Complicating matters further is the diminishing pool of public training data, driven by copyright and licensing restrictions, which introduces yet another layer of opacity. Many of these perils exist well beyond the traditional remit of information security teams. To saddle cyber organizations alone with governance is to risk ignorance when clarity is most needed.

Position, Navigation, and Timing Systems

Lately, I’ve become fascinated and concerned by the systemic risks lurking in our Position, Navigation, and Timing (PNT) systems. These unsung technologies knit together the services on which modern life depends. From electronic trading to global supply chains, their importance is so foundational that it is often invisible until it fails. When these systems stumble, the resulting disruption can cascade across sectors and borders. While headlines may expose the dangers of AI, quantum computing, or cloud vulnerabilities, the fragility of our timing infrastructure may be the silent crisis hiding in plain sight.

As the year unfolds, the imperative is clear: Risk professionals and their organizations must rethink and revitalize their risk and resilience approaches. The challenge is not merely to keep pace with technological change, but to anticipate and address its hidden vulnerabilities. By forging a more holistic, forward-thinking model, one that accounts for the complex interplay of new and old risks, we can step confidently into the next era of innovation, fully attuned to both its promise and its perils.