As the pace of change continues to impact the way we work, people risks are rising to the top of the boardroom agenda. In this article, we leverage Gallagher data to identify four trends impacting people risk during an era of critical transformation.
Getting your Trinity Audio player ready...

Key takeaways

  • Human error is thought to be behind over 90% of all cyber attacks, and artificial intelligence (AI), phishing and social engineering are becoming more convincing and targeted. With humans as the firewall, keeping up requires coordinated thinking across the business.
  • Experience isn't everything. The "half-life" of a skill — which is the rate at which skills become half as useful — is getting shorter and shorter, calling for an agile, continuous approach to learning.
  • In a world of constant change and disruption, the workforce is feeling fatigued. Building organizational resilience requires strong leadership and effective change strategies.
  • Job insecurity can erode employee morale and trust in leadership, impacting engagement and talent retention. Unaddressed, job insecurity can spill over into industrial action, causing broader economic impacts.

Introduction

The past five years have seen a period of marked transformation within the workplace. Major technological leaps — including the mass adoption of generative AI — have created significant opportunity but also uncertainty and the need to address skills shortages.

Pandemic lockdowns, the shift to hybrid working and the cost-of-living crisis added further pressure and resets, with the "Big Quit" prompting talent to leave sectors such as healthcare, leisure and hospitality, and transportation as workers sought to reduce stress and improve work-life balance.

These events have supercharged many of the underlying people-related risks employers were already grappling with, including skills obsolescence and maintaining staff engagement. Building resilience in the workforce has arguably never been more challenging.

To better understand these trends — and how business leaders are responding — Gallagher carried out some global research in January 2025. The data reveals some of the workplace risks that are front of mind alongside the strategies being implemented.

The need for more collaboration across risk management and HR

Many of the current challenges sit at the intersection of enterprise risk management and HR and require a joined-up, cross-divisional approach. Such functions haven't always been aligned, and more collaboration will be needed moving forward.

"There is a clear connection between the risks that HR and Risk Management professionals manage," says Lisanne Sison, managing director of Enterprise Risk Management (ERM) at Gallagher US. "Every time I do a risk prioritization, at least two of the top 10 risks are people related."

The following four people-related trends are challenging employers and risk managers to think differently as the world around us continues to evolve. Whether firms are addressing the human factor in cyber risk management or seeking to address skills gaps, it's clear that a cross-functional approach will be needed to bridge the gaps and futureproof the workforce.

The much-forgotten upside of risk is opportunity. Risk management principles can empower business leaders to face the future with confidence — because, when it comes to leading in an unpredictable environment, confidence matters.

Trend 1: Keeping up with the cyber attacks with humans at the digital frontline

Because human error allows most cyber attacks to succeed, companies are doing their best to counter these vulnerabilities by putting in place more checks and balances, including robust cyber hygiene and "zero trust" approaches to cybersecurity. But with AI, companies are two steps behind how criminals are using the technology to scam and exploit workers.

Nefarious actors are using AI to analyze social media activity, online conversations and personal data to make attacks more targeted and convincing. When phishing, AI allows hackers to create more tailored messages that mimic the language, tone and style of a trusted contact or reputable organization.

The telltale signs of a malicious email or message are becoming more difficult to spot, explains Johnty Mongan, global head of Cyber Risk Management in the Gallagher Cyber Defence Centre. "Cybercriminals used to create phishing emails that were littered with spelling errors and punctuation issues, but now ChatGPT — being a language-based product — will create perfect text."

We're talking about criminals on a global scale doing thousands of attacks per crime gang, per day. The scale of that terrifies me because you have even fewer barriers to entry, and we're in a place now where the firewall is the human being: it's down to the individual employee to spot anything suspicious, and it's getting harder and harder.
Johnty Mongan, global head of Cyber Risk Management in the Gallagher Cyber Defence Centre

Deepfake audio and video are another area where AI is being used to impersonate executives or other trusted figures to manipulate victims into revealing sensitive information or authorizing financial transactions. These sophisticated frauds are very convincing and employ emotional manipulation strategies.

John Farley, managing director of Gallagher's Cyber Liability practice, warns that businesses will be more exposed to social engineering-type attacks in 2025: "Hackers can launch really sophisticated phishing campaigns with emails that have no spelling mistakes and excellent grammar, which are very targeted to you as the victim because they pulled all your information from social media. We must get better at responding to those and then preventing those.

"Then there's deepfake technology," he continues. "That's another area where you're going to see video or voicemail impersonations. Employees need to be trained on the new ways hackers are using AI."

According to the 2025 Attitudes to AI Adoption and Risk Survey, business leaders see the increased threat of privacy violations and data breaches (33%) and greater vulnerability to cyber attacks and fraud (29%) as among the top four risks to the business arising from AI.

While half of those surveyed said they thought the IT department has primary responsibility for managing risks relating to AI, respondents also see risk management, legal and compliance, and HR as key to dealing with these emerging risks.

Securing the right talent to deal with cyber and AI-related risks is, however, becoming more difficult.

Skills gaps and heightened risk are directly correlated, according to IBM. IBM research found that more than half of the companies that suffered a cyber attack in 2024 had experienced cybersecurity staffing shortages at the time of the security breach. The average cost of a breach has risen to USD4.88 million.

IT professionals are suffering stress and burnout due to the pressures of constant digital change and the threat environment, which are impacting staff retention. "It's not uncommon for IT directors to go on sick leave for stress either mid-crisis or after the crisis," says Mongan, "even for those working on the periphery of an incident."

Having the right crisis response team to guide the company through a breach can make a difference.

The finance piece of cyber insurance is just the icing on the cake. The value to the client is that when they call at 2 a.m., you're immediately connecting them with all the people they're going to need in that moment. I've seen firsthand how that value is felt.
Johnty Mongan, global head of Cyber Risk Management in the Gallagher Cyber Defence Centre

Types of AI phishing attacks

AI-driven phishing attacks can take several sophisticated forms, including:
  • Vishing (voice phishing): Attackers use deep-learning technology to create realistic voice clones to impersonate trusted individuals over the phone.
  • Spear phishing: Spear phishing is highly targeted. Attackers gather detailed personal and professional information to craft convincing emails that appear legitimate. AI significantly enhances the effectiveness of spear phishing by automating personalization at scale.
  • Deepfake attacks: This form of phishing employs deepfake audio and video to impersonate real individuals. Cybercriminals typically use AI-generated deepfake videos or voice recordings to manipulate victims into complying with fraudulent requests.

Top tips for building cyber resilience

  • Implementing zero-trust architecture: This approach ensures that all users, devices and applications are continuously verified before access is granted.
  • Enabling multi-factor authentication (MFA): Requiring multiple verification forms reduces the chances of unauthorized access, even if credentials are compromised.
  • Enhancing threat intelligence: Using AI to analyze and predict potential threats can help organizations stay ahead of attackers.
  • User education and awareness: Regular training programs can equip employees and individuals with the awareness and knowledge to recognize and respond to phishing attempts, particularly as attacks become more sophisticated in nature.
  • Collaboration and information sharing: Partnering with industry peers, law enforcement, risk management experts and cybersecurity organizations enhances collective defense capabilities.
  • Cyber insurance: Investing in cyber insurance is essential to a comprehensive cybersecurity strategy. It provides financial protection and assistance in the event of a cyber incident, helping organizations recover more quickly and mitigate potential losses.

Trend 2: AI adoption drives the need for continuous learning

With ongoing automation, the half-life of a skill — the rate at which skills become half as useful — is getting shorter. Whereas once a set of skills could take you through a career, those learned today could become obsolete within just a few years.

With the emergence of new technologies, particularly artificial intelligence and digital automation, we are at an inflection point
Tamarah Saif, managing director of People Development and Insights at Gallagher
 
The pace of change is rapid, and organizations must determine how to remain competitive in this dynamic environment by rethinking how they interact with the marketplace and identifying the necessary skills within their organizations to adapt.

Much of the workforce is already using AI, but addressing skills gaps remains a priority for most firms, according to the 2025 Attitudes to AI Adoption Survey.

"AI has immense potential to boost efficiency, automate complex operations and enhance predictive data analysis," says Gallagher's Farley. "However, emerging technology almost always brings new and unforeseen risks to those who adopt it. That's why it's imperative that organizations deploy a strategy for striking the delicate balance between making sound, risk-based decisions while staying technologically competitive to enhance productivity."

Seven of the top 10 challenges associated with AI adoption relate to lack of skills and difficulties hiring people with the right skills, placing people and change strategies as a top strategic priority. Gallagher's AI research found that 85% of employers are introducing job protection strategies with a focus on training and reskilling.

Successfully tackling skills gaps means moving beyond traditional learning and development models. The answer may lie in agile and adaptive learning systems, using AI as part of the answer to tailor learning to individual needs and career paths.

"Given the decreasing lifespan of certain skills, organizations must recognize the importance of evolving skill sets to remain relevant and thrive," says Saif. "Investment in ongoing learning and development for its people becomes a critical risk management priority."

Retooling also opens new doors, offering workers the opportunity to transition into new roles during this period of change. The varying pace of integration within the organization means that different teams will have their own set of concerns and requirements at any one time, calling for flexible, employee-focused change strategies that keep the workforce engaged and supported.

Ben Warren, managing director, head of Digital and AI Transformation, Communication Consulting at Gallagher, observes that "business leaders are focused on unlocking the value of new AI technology, highlighted by an increase in investment over the past 12 months. However, despite a proliferation of tools, we have found that AI adoption is largely limited to IT and sales and marketing functions, leading to gaps in AI literacy and adoption across organizations, limiting the overall ROI and increasing business risk — particularly within the framework of enterprise risk management."

Rise of the chief AI officer: Technology drives demand for new skills and job roles

The impact of digital transformation can be seen in demand for certain skills, including AI and digital literacy. Over a third of business leaders Gallagher polled said they've already hired a chief AI officer (CAIO), and nearly half have hired people into AI-specific roles.
The CAIO role requires a keen ability to balance innovation with AI risk management and may include:
  • Strategic AI leadership — Creating and implementing the overall AI strategy, with an eye on improving operational efficiencies, improving customer experiences and identifying new revenue streams.
  • Risk management and compliance — Establishing a framework for safe and responsible AI use as they align with both organizational ethical standards and those that external parties generally expect. This responsibility also should extend to compliance with regulatory requirements as they evolve.
  • Governance programs — Setting up formal structures to oversee AI initiatives and projects. These standard operating procedures should help to ensure the organization meets ethical and regulatory standards with an emphasis on fairness, transparency, data security and preventing unintended consequences.
  • Internal cross collaboration — Close coordination with leaders across several divisions and the C-suite to foster collaboration among various stakeholders, such as legal, IT, privacy, operations, marketing, human resources, sales and enterprise risk management departments.
  • Performance measurement and continuous improvement — Promoting a culture of continuous innovation centered on AI. Periodically evaluate the performance of AI tools and the return on investment in AI resources while staying current on new technologies that align with current and future goals of the organization.

Complementing these technology-related skills, creative thinking, resilience, flexibility and agility, along with curiosity and lifelong learning will, rise in importance over the next five years, according to the World Economic Forum's Future of Jobs Report 2025.2

Trend 3: In a world of perma-change, employees are facing fatigue

Business leaders identified employee mental wellbeing and talent retention among the top risks that have risen most rapidly in priority during the past five years. The findings from Gallagher's research, From Crisis to Confidence: 5 Years of Business Risk Evolution, demonstrate that people-related challenges are now just as critical as financial risks.

From facing a global pandemic and navigating geopolitical shifts to weathering climate chaos, businesses — and the workforce — have been pushed to adapt and innovate. The only certainty in this perma-change environment is that nothing stands still.

Employees continue to value flexible and hybrid working models introduced during the pandemic, but some firms are reevaluating the benefit, with data showing that about a third of employers have already scaled back or dropped these models. While many key measures have been maintained, others — including remote work policies and flexible hours — are under increasing scrutiny, with 35% of organizations planning further reductions within the next five years.

The sheer level of change programs underway within the business community at large is driving fatigue and disengagement in some quarters, according to the Gallagher State of the Sector survey of internal communicators. In 2025, 44 percent of internal communicators cited fatigue as one of the biggest barriers to success, making it the second most significant challenge after limited team capacity.

Constant workforce initiatives, including restructuring, technology shifts and cultural overhauls, have left some workers feeling burnt out. It has led to trends such as "quiet quitting" and "bare minimum Monday" as employees seek to carve out personal time and reduce stress.

Change is no longer a phase that organizations go through; it's the reality we operate in. And right now, we've entered a perfect storm of political and economic uncertainty, cultural shifts reshaping workplace expectations, environmental demands pushing for more sustainable practices, and the accelerating influence of AI and digital transformation.
Gemma O'Hara, director of transformation and change at Gallagher

It leads to a fragmented experience where employees feel overloaded and struggle to keep up, O'Hara explains.

To build organizational resilience, change strategies need to be more embedded — helping equip workers with the skills and tools they need to fit the new world of work, supported by strong and empathetic leadership. Ultimately, a connected, motivated and high-performing workforce is essential to effective strategic risk management/ERM.

"While processes and technology drive transformation, it is people who ultimately make change happen," says O'Hara. "To make change work, people need to buy into and embrace it, and to do that they need to understand its value. The story we tell about change is as important as the change itself."

The majority of businesses have made changes to how business decisions are made and how they communicate to employees in the past five years, according to the Gallagher's Global Business Risk Evolution Survey.

Top tips for reducing change fatigue

  1. Shifting perspective: Instead of framing every initiative as "change," position it as an "improvement" or an "evolution." This subtle shift in language can help reduce resistance and encourage a more positive mindset.
  2. Communicating the why: Employees need to understand what's in it for them. Clear, transparent messaging about the purpose and benefits of change is essential to getting buy-in from employees.
  3. Building consistency: When various initiatives connect to a single, overarching vision, they become easier to digest. Internal communications should maintain an overview of all change projects, ensuring a cohesive and coordinated strategy that minimizes communication overload.
  4. Supporting leaders: Equip leaders with the tools they need to communicate effectively. Provide coaching, feedback, briefing packs and real-life examples of good and bad communication practices. Many leaders are time-poor; making it easy for them to deliver clear, aligned messages will improve engagement and trust across your organization.

Trend 4: Global shifts are driving job insecurity

The labor strikes that brought several North American ports to a standstill in October 2024 reflect broader global trends driving job insecurity.

Unaddressed, workers' fears around their future job prospects can impact employee engagement and wellbeing. There are also the related concerns of industrial action and strikes, causing wider economic disruption. The US port strikes underscore the importance of ensuring a just transition in the face of automation and change.

Recent shifts in globalization have further focused attention on job stability in some sectors. Trade disputes, offshoring and foreign competitors are some of the key drivers, according to the 2025 Edelman Trust Barometer.1 Perhaps unsurprisingly, the top fear for employees is "international conflicts about trade policies and tariffs hurting the company you work for."

Reskilling workers that are facing disruption can help build a workforce that is resilient and ready to adapt to the future. Such an approach is crucial for individual businesses and the wider economy. Post-industrial declines in the North of England, the US Rust Belt and Germany's Ruhr Valley have demonstrated how, unaddressed, the phasing out of older industries can leave behind a legacy of neglect and inequity.

By offering reskilling and financial safety nets to workers in industries that are being phased out and disrupted, emerging industries are less likely to face a skills and talent gap. Investing in a just transition is, therefore, key to unlocking the return on investment in such industries.

Geoeconomic fragmentation and geopolitical tensions are expected to drive business model transformation in a third of companies over the next five years.

This will see the displacement of around 8% (or 92 million) jobs globally, according to World Economic Forum, which should be more than offset through the creation of 170 million new jobs.2 Nevertheless, the transition will be substantial. Dealing with feelings of job insecurity and preparing workers to make the most of new opportunities requires support and retooling on a massive scale.

Even in industries that are not being disrupted, the impact of digital transformation is impacting job security and employee wellbeing, leading to worker unrest. The Hollywood screenwriters' strike in 2023 is the most high-profile evidence of this to date. A quarter of respondents to 2025 Attitudes to AI Adoption and Risks Survey said that concerns about AI eroding employee trust in the business was one of their main barriers to adoption.

They acknowledged the potential impact of automation on staff engagement, morale and trust in leadership. While most business leaders (68%) thought AI had improved employee morale, 15% thought the technology had increased stress within the workplace.

Although most business leaders think AI is more likely to augment than replace existing roles in the business, over a third said they thought the technology would do both, and a significant minority (17% in Europe and 11% in North America) anticipate that workers in their sectors will be replaced over time.

There's fear amongst some employees, who are asking, 'Is AI going to take my job?' and 'Are we all going to be automated away?' The noise is making some people quite despondent to change and embracing the opportunities with AI."
Ben Warren, managing director, head of digital transformation and AI, Communication Consulting, Gallagher
27% of leaders worry about AI's impact on employee engagement.
20% of leaders say AI use can reduce trust in leadership.

The key to allaying these concerns is transparent communication and effective change strategies. Creating awareness, demonstrating the benefits and educating the workforce will be essential to addressing fears around job displacement and uncertainty — a core concern within both people risk and enterprise risk management.

"Organizations need to reassure employees that AI adoption will be a gradual process and that there will be plenty of opportunities for reskilling," says Warren. "It is about creating a culture where employees feel empowered to adapt."

What businesses can do:

  • Invest in workforce development. Training, upskilling and reskilling programs reassure employees that they have a future in the company and industry.
  • Commit to fair wages and job security. Competitive pay and transparent job stability policies foster a sense of security.
  • Prioritize internal trust. Employees who trust their employers are more likely to be positive towards the broader institution of business. Open communication about organizational changes, market conditions and company strategy can mitigate uncertainty.
  • Promote financial literacy. Helping employees manage financial challenges through education and support programs can build resilience and confidence in the company.

Just transition: Addressing skills gaps as economies move to Net Zero

Many industries are struggling to find the talent they need. In Europe, the construction industry workforce, for instance, hasn't recovered from the impacts of shocks such as the global financial crisis and global pandemic. Demographic factors are at play, with greater numbers of workers retiring than entering the industry. This issue will become even more pronounced as demand for skilled workers grows.
Construction is at the heart of achieving the EU's European Green Deal, with the need to fill an estimated 4.2 million job openings by 2035.
One of the biggest current skills gaps is in the renewable energy sector, which is primed to undergo substantial growth over the next decade. A lack of skills can lead to operational inefficiencies, as workers may not have the expertise to operate and maintain advanced machinery and technology. This can result in increased downtime, production delays and greater expenses.
Safety and wellbeing are another key concern. A lack of workers with advanced skills and experience increases the chance of machinery being used incorrectly and procedures not being followed, increasing the potential for accidents at work.
Targeting the skills gap as part of the energy transition is key to reducing some of these risks. According to Carl Gurney, account director, Renewable Energy, Gallagher: "Upskilling the workforce to adapt to these changes is crucial, as it will play a vital role, not only in the deployment of renewable energy solutions, but also in the effective maintenance and operation of the plants and infrastructure. This is true up and down the supply chain."

Building an adaptive and engaged workforce is essential to navigating a more unpredictable and volatile risk landscape. It was management guru Peter Drucker who said that people were an organisation's most valuable asset and that decisions impacting the workforce must take top priority. Gallagher's research findings suggest this has never been more relevant, with those responsible for people strategy needing a seat at the boardroom table.

Continuing to successfully identify and manage workplace risks will continue to require the collective brains and capabilities of enterprise risk, HR, leadership and beyond. The heightened role of strategic risk management principles in today's workplace is undeniable, as organizations navigate an era marked by rapid transformation and seek to build a people-first approach to resilience.

Published June 2025

Sources

1 "2025 Edelman Trust Barometer," Edelman, accessed 20 Apr 2025. PDF file.

2 "Future of Jobs Report 2025," World Economic Forum, Jan 2025. PDF file.