Navigating Risks in 2025: Insights from the UK National Risk Register
The UK Government has published 2025’s National Risk Register (NRR)[1] a public facing version of the internal and classified National Security Risk Assessment (NSRA). It compiles the impacts and likelihood of wide-ranging malicious and non-malicious threats, such as natural hazards and terrorism, on the UK’s lives, health, society, critical infrastructure, economy, and sovereignty. To be included on the NRR these risks would have a substantial impact on safety, security and/or critical systems at a national level.
The NRR includes information on 89 risks, within nine risk themes, and sets out a ‘reasonable worst-case scenario’ for each. In 2025, for the first time, it has shifted to a dynamic assessment process so that risks can be updated as frequently as needed to capture better evidence or understanding.
This year, the most likely catastrophic-impact rated risk is pandemic, followed by lower likelihood risks of large-scale chemical, biological, radiological and nuclear (CBRN) incidents, and failure of the National Electricity Transmission System (NETS). The most likely risks with a moderate impact include terrorist attacks in publicly accessible locations, technological failure at a systemically important retail bank, and an attack on a UK ally or partner outside of NATO, or a mutual security agreement requiring international assistance.
BCI reports have identified practitioners’ risk expectations over the coming twelve months, some of which align with the newly released NRR. For example, research[2] identified adhering to new DORA regulations, aimed at mitigating risks to critical financial systems, as a top priority for the year, and IT/telecom outage (critical national infrastructure) as top risk for 2025. Another risk gathering great interest from practitioners is geopolitics with the expectation that disruption would continue over 2025[3].
However, despite practitioners registering some key risks within their business continuity programmes, pandemic is not one of them. Pandemic, the highest rated risk in impact is not included in practitioners’ top five risks for the coming year. In fact, pandemic placed just 15th in the likelihood of incidents predicted over the next twelve months.[4] This highlights a notable difference in perceived threat levels. Resilience professionals should remain vigilant and ensure pandemic planning remains a priority and does not drop off the radar.
How the NRR can support resilience professionals
Among others, the NRR is designed to support ‘Businesses, including small- and medium-sized enterprises, and those who operate critical national infrastructure (CNI), who have a need to understand the most serious risks that could impact their business continuity.’ [5]
To increase their resilience, organizations should consider benchmarking their risk registers with national risk perceptions. For example, identifying the implications of another pandemic, electricity failure, or banking interruptions on their activities and preparing strategies and training to mitigate potential disruption, prioritising their resources to mitigate the most critical threats to their operations.
Practitioners can also use NRRs to draw attention to under-perceived threats, such as pandemic, to board level to ensure they are not ignored. Those based outside the UK can use the NRR to identify what impacts adverse events in the UK might have on their own region, such as supply chain or international office location disruptions.
By coupling data from the NRR with relevant industry reports practitioners can uncover which risks are most likely or impactful based on national risk perception and peer experience. The recently released BCI Horizon Scan Report 2024 contains a wealth of information about global risks and threats with proactive strategies and practical tips from resilience practitioners. Armed with this information, organizations can understand what threats are most critical and prepare plans to mitigate against disruptions.
More on
About the author
Rebecca Mathews
The BCI
