Ongoing geopolitical tensions, trade disruptions and cyber crime are among the biggest risk factors for business travel in 2026, according to the Risk Outlook report by travel risk management company International SOS (ISOS).
Along with climate-driven travel risks, the report warns that organisations are ill equipped to handle the increased pace of disruption in a world where “volatility is no longer the exception – it is the operating environment”.
Following a survey of 860 health, security and risk professionals across 94 countries, 57 per cent of respondents agreed new risks are emerging faster than their companies can deal with.
“Risks intersect, disrupt, and escalate faster than traditional planning cycles can absorb,” writes ISOS chairman and CEO Arnaud Vaissié in the report.
“Organisations today are navigating a convergence of pressures: geopolitical fragmentation, natural hazards, rising costs and increasing polarisation... And the strain on employees – particularly regarding mental health – continues to intensify. Human capital has never been more strategically important, or more vulnerable,” he said.
Almost two-thirds of respondents (64 per cent) said security risks have increased in the past 12 months and an additional 43 per cent stated health risks have intensified – with similar proportions expecting increases in 2026, according to the report.
However, around two-thirds (66 per cent of security specialists and 68 per cent of health experts) expect resources to manage such risks to remain static in 2026, while one in ten anticipate budget cuts next year.
Geopolitical tensions are by far the biggest driver of uncertainty moving into 2026, as voted by 47 per cent of respondents. Cyber crime is another risk (27 per cent), followed by political instability (26 per cent), trade disruption (26 per cent) and regulatory uncertainty (24 per cent).
The report argues that none of these factors are mutually exclusive, with “persistent geopolitical tensions” and supply chain disruptions likely to continue in 2026.
“Domestic businesses need to start looking at that a little more than I think they have,” stated International SOS senior security adviser Kelly Johnstone in the report. “And if you’re an international business, you need to be all over it.”
The report warned about increased rates of cyber crime, citing the US government’s Cyber Intelligence Threat Integration Center which tracked 2,593 ransomware attacks worldwide in 2024, up 15 per cent on 2023. A number of high-profile cyber attacks in 2025 – including those suffered by several European airports in September and the data breach at Qantas – highlighted the levels of disruption and reputational damage that can be caused by a cyber incident, the report argued.
The report also refers to the Global Peace Index, compiled by the Institute for Economics and Peace, which recorded 159 state-based conflicts in 2025, more than any year since the 1940s.
The continuing war in Ukraine, the Israel/Gaza conflict, civil war in Sudan and unrest in Cambodia and Thailand all contributed to regional instability, according to the report.
Drone incursions into the airspace of EU states also make “the risk of conflict on European soil more real,” ISOS said in the report. “As governments in Europe focus more on security within the region and increase defence spending, this will impact how businesses see and manage risk in such traditionally low-risk markets.”
Hush trips?
The report also warned of the heightened risks associated with ‘hush trips’ – or undisclosed business travel by remote workers.
An increasing number of companies have been “caught off-guard” by calls for assistance from workers facing security or health crises in locations where they were not expected to be working in, according to ISOS.
Around one in five (22 per cent) respondents said their organisation has the capacity to monitor employee hush trips, while only 17 per cent said they are equipped to handle security or medical incidents that happen in these circumstances.
An employer’s legal duty of care in this “grey area” is yet to be tested in courts, ISOS said, but the report advised that “organisations need to decide what level of assistance they will to give to people who haven’t disclosed their whereabouts”.
Only 50 per cent of survey respondents said their company policies stipulate acceptable boundaries for remote working.
“Hush trips must be accounted for in travel management procedures and crisis response procedures and checked for insurance coverage,” ISOS said in the report. “As a minimum, employee communications should strongly encourage checking with managers before relocating for any period and should make it clear that organisational support may not be as comprehensive in unflagged locations.”