The Real Risk for 2026 onwards Isn’t Volatility. It’s “Business as Usual.”

Most leaders are preparing for the next three years like they’re preparing for a storm: reinforce the windows, stock supplies, and hope it passes. Boards are going through board assessment exercises as a “tick-the-box”, done-that task to satisfy their regulatory authorities. The reality is that 2026 and the next three years are going to stress-assess boards to their limits, unless they re-imagine what they must do to deliver growth, not Business as Usual.

That mindset will most likely lose.  Because what’s coming isn’t a storm. It’s a climate shift in how power, value, and trust move through markets. And the winners won’t be the companies with the best forecasts. They’ll be the ones with the best governance, the strongest execution culture, the most adult relationship with technology, and a growth strategy designed for fragmentation.

The controversial truth: the biggest risk to your organization in 2026 is not cyberattacks, regulation, AI disruption, supply chain shocks, or talent churn. The biggest risk is that your board and executive team will treat these as separate topics. They’re not. They’re one intertwined ecosystem, and the organizations that see the system will turn risk into growth while everyone else keeps writing “risk updates” that change nothing.

 

Your Board Is Either a Resilience Engine… or a Liability

In the next three years, boards will be exposed. Not because they don’t care, but because many are still governing with an outdated mental model, where “Strategy” is a deck, “Risk” is a register, “Compliance” is a department, “Cyber” is IT, “AI” is innovation, and “People” is HR.

Consider the possibility that perhaps this model is dead, outdated. The new board mandate is simpler and harsher: prove you can govern a business that must adapt under pressure, fast, and without breaking trust.

The boardroom shift that separates winners from casualties

By the end of 2026, strong boards will do three things differently:

1) They will govern interdependencies, not categories.  Cyber risk is tied to third parties. Third parties are tied to supply chain. Supply chain is tied to sustainability due diligence. Sustainability claims are tied to reporting controls. AI accelerates all of it, and multiplies reputational exposure.

2) They will stop asking for “assurance” and start demanding “readiness.”  Assurance tells you what was true yesterday. Readiness tells you whether you can survive tomorrow morning.

3) They will make risk appetite operational.  Not “we have a risk appetite statement.”  I mean: where you will accept fragility, where you will pay for resilience, and where you will not compromise, ever.

Here are a couple of hard questions for boards in 2026: If a crisis hits on Monday, whether it is a cyber compromise, a supplier failure, a regulatory issue, or an AI-generated misinformation campaign, do you have a single integrated command structure? Or do you have four separate teams arguing over ownership?


Leadership Effectiveness: Speed Without Discipline Will Destroy You.  

Leaders love the word “agility.” Most organizations confuse it with “moving fast.” Here’s the correction: agility is speed with control. Over the next three years, leaders will be forced to manage the uncomfortable middle. Move too slow, you get overtaken; move too fast, you trip over gaps, controls, and trust failures.

Consider a leadership upgrade: from “decision-making” to “decision architecture”. High-performing leaders in 2026 will build a decision architecture:

  • Early warning signals (geopolitical, regulatory, cyber, vendor, workforce)
  • Scenario triggers (what changes our plan, specifically?)
  • Data discipline (one source of truth, not 12 dashboards)
  • Crisis muscle memory (tested playbooks, not theoretical binders)

Here’s the potentially controversial part. If your leaders can’t communicate change simply, frequently, and credibly, your transformation will fail, even if your strategy is correct.

 

Organizational Culture: Trust Will Be Your Most Expensive Asset.  

2026–2028 is the era of trust economics. Digital trust. Brand trust. Workforce trust. Investor trust. Regulatory trust. And trust will be attacked from two sides at once: real failures (breaches, compliance gaps, weak controls) and perceived failures (misinformation, deepfakes, reputational narratives). Culture is not “values on a wall”, and I am sure you have heard this before. It’s also not when all is going great and everyone is hitting their zone. Culture is how work happens when pressure rises.

Cultural risks leaders keep underestimating:

  • The compliance culture gap: Many companies want “innovation culture” but maintain a “permission culture.” They treat compliance like a blocker… then wonder why compliance shows up late, panicked, and controlling. The future is compliance by design, embedded early, fueled by data, enabled by automation.
  • The AI trust gap: AI will expose your organization’s real values. If your people believe AI is being used to cut jobs, monitor them, or move decisions into black boxes—your engagement will collapse. If they believe AI is being used to remove friction, elevate capability, and create opportunity, your productivity will spike.
  • The burnout gap: Workload intensification + change overload + unclear communication = retention risk. And retention risk is not an HR issue. It’s a growth constraint.

If you want a culture advantage in the next three years, obsess over Clarity, Capability, and Care, and make it visible.

 

The New Growth Strategy Is “Resilience-Led Expansion”

The next wave of growth won’t come from being bold. It will come from being bold with protection.  The geopolitical environment is shifting from globalism to regionalism. Trade barriers, technology competition, and regulatory divergence will make “one global playbook” increasingly naïve.

So the question becomes, “How do you grow when the world is fragmenting?”

You need a growth strategy built on three specific pillars.

Regional operating models, not just regional sales: If your supply chain, data flows, and compliance model can’t operate under different rules, you don’t have “international growth.” You have “international exposure.”

Third parties as strategic leverage, not an unmanaged dependency.  Most companies treat vendors like procurement events. In 2026, third-party ecosystems are part of your identity, your compliance footprint, your cyber surface area, and your operational resilience. If it’s still managed in spreadsheets and silos, you’re behind.

Sustainability as value creation, not reporting theatre.  The market is moving from reporting to real performance: circularity, nature impact, responsible supply chains, and credible data. Sustainability claims without controls will be punished—by regulators, investors, and customers.

 

The 2026 Playbook: Four Moves I’d Make in Any Boardroom

If I walked into your boardroom tomorrow, here’s what I’d push for, immediately. 

Move 1: Create a single “Trust & Resilience Agenda”. One agenda. Not five disconnected ones.  Cyber + AI governance + third parties + supply chain + sustainability controls + workforce readiness.  Because that’s the system.

Move 2: Replace “more controls” with “better data”.  You can’t automate chaos. The organizations that win will build governed data, consistent definitions, a “golden source” approach, and most importantly reporting that your executive leaders actually can and will use.

Move 3: Treat AI as a governance issue before it’s a technology issue. AI without strategy is noise. AI without guardrails is a liability. AI without training is wasted spend. AI without transparency is a trust collapse.  

Move 4: Make talent a strategic risk metric.  If 25–30% of your workforce is considering leaving, your strategy is irrelevant. The next three years reward companies that upskill, communicate change, and reduce uncertainty through leadership maturity.

 

Where I Agree, and Where I Disagree With the Standard Narrative. 

If you haven’t caught on to what I am getting at yet, let me be a bit more direct.

I agree that resilience is the new advantage. Yes, the idea of “prevent everything” is fantasy, and recovery speed and continuity are becoming the real measure of competence.

However, I disagree with treating compliance primarily as a burden. Compliance is a growth lever, when designed right. But it’s also true that regulation can choke innovation when leaders respond with “more people, more checklists.” The smarter response is redesign: data, automation, integration, and earlier involvement.

I also disagree with “AI value” being framed as inevitable.  AI value is not automatic. It is earned through governance, risk assessment, training, and measurement. Without those, AI becomes a cost-center with reputational downside.

 

 


Wassim Karkabi

Wassim Karkabi is the Founder & Executive Chairman of the Global Board Institute & Managing Partner and Global Shareholder at Stanton Chase, amongst other things. He has advised privately owned, stock-listed and regulated government organizations on their Board, Leadership and Culture matters across MENA, Europe and Asia for the last 20 years. He has helped assess and hire Board Directors and C-Suite teams for businesses, and serves as a Non-Executive Chairman or Chair of the NRC on several.
