Hello and Happy New Year 👋 get a brew on because these are the top emerging risks between December 15 2025, and January 12, 2026…
Review our report’s terminology here ↗
We’re back after a well-deserved break and although it went faster than Christmas pudding, we’re excited to support you in global threats and mitigations in 2026.
After much reading and analyzing the world’s top threat intelligence over the holidays (excellent bedtime reading), we can confidently say that this new year is unlikely to be any different. In fact, the key risk categories have gone up in criticality by about 26% in the last 3 months according to recent studies out of WEF and Harvard Business Review.
The strategy for 2026 is a simple:
Plan, do, check, and act.
Do those four things, and you will be OK.
Our main risk this fortnight is…
1. Economic: 2026 Supply Chain Disruption Outlook
Everstream Analytics is flagging a 2026 disruption landscape where climate-linked shocks, infrastructure strain, and geopolitics increasingly compound rather than occur in isolation, turning “single events” into multi-region, multi-tier supply failures.
The operational risk is shifting from short, localised delays to prolonged volatility: suppliers may “recover” but remain capacity constrained due to labour dislocation, damaged logistics corridors, or repeated extreme-weather events.
Planning is moving beyond supplier scorecards toward network mapping: understanding sub-tier dependencies, chokepoints, and route optionality becomes a prerequisite for credible resilience claims.
The practical takeaway: “just in time” is not dead, but it is being forced to coexist with redundancy, scenario planning, and earlier commitment to inventory and transport capacity.
Sources
Everstream: Predicts the top four global supply chain disruptions for 2026 (DC Velocity, accessed 11 Jan 2026)
International Monetary Fund: World Economic Outlook (October 2025 edition)
Federal Reserve Bank of New York: Global Supply Chain Pressure Index (latest release)
World Economic Forum: Global Risks Report 2025 (January 2025)
World Meteorological Organization: 2024 State of Climate Services (November 2024)
You should be concerned if…
Manufacturers with regionally concentrated supply
If key components come from one climate-exposed geography or a single logistics corridor, repeated disruption can become “normal operations,” eroding service levels and margins simultaneously.Retailers and consumer brands with promotion-driven demand spikes
Weather and transport volatility punish tight replenishment cycles. If demand surges meet a fragile inbound network, you get stockouts and expedited freight at the same time.Logistics providers and 3PLs with fixed-network assumptions
If your network design assumes stable lane performance and predictable port or rail throughput, you will struggle when disruptions cascade across nodes and force rapid re-optimisation.Companies with thin tier-2 and tier-3 visibility
Even if tier-1 suppliers appear stable, sub-tier fragility can trigger sudden line-down events that look like “supplier failure” but are actually upstream shocks.
These items are generic assumptions. We recommend considering your own unique risk landscape against your critical dependencies. If you don’t know what they are, get in touch.
Preventative actions
Build a disruption portfolio, not a single plan
Treat disruption as a set of repeatable patterns (weather, labour, infrastructure, geopolitical constraints) and maintain playbooks for each, including triggers for switching lanes, swapping suppliers, and changing order policies.
Map critical sub-tier dependencies
For high-impact SKUs, identify tier-2 and tier-3 single points of failure and validate alternates. Contractual visibility requirements and periodic supplier validation are often more effective than one-off surveys.
Design route optionality into contracts
Pre-negotiate carrier and lane alternatives, including port-of-entry flexibility. Optionality is cheapest before the incident and most expensive during it.
Stress-test inventory policy against multi-week disruption
Run scenarios where replenishment is constrained for longer than expected, then decide which SKUs justify strategic buffers and where postponement or substitution can reduce fragility.
2. Technological: Ransomware Targets Transport Logistics
A Cyble report highlights a surge in ransomware activity affecting transport and logistics, with attackers exploiting the sector’s high uptime requirements and operational interdependence to force faster payments and higher disruption impact.
Logistics firms are attractive targets because downtime propagates immediately: missed pickups, warehouse standstills, customs delays, and cascading penalties across contracted service-level agreements.
The threat is not limited to “IT systems” in isolation. Fleet operations, warehouse management, shipment visibility platforms, and customer portals create multiple attack surfaces and multiple pressure points for extortion.
The broader risk is systemic: when a major logistics node is compromised, downstream manufacturers and retailers can experience disruption even if their own systems remain uncompromised.
Sources
Cyble: 2025 ransomware attacks on transport and logistics surge, disrupting global supply chains (VARINDIA, accessed 11 Jan 2026)
CISA: Stop Ransomware – ransomware guidance and response resources (updated)
Microsoft Security: Ransomware trends and threat intelligence (latest)
UK National Cyber Security Centre: Threat actors exploiting supply chains and third parties (guidance collection)
You should be concerned if…
Transport, freight forwarding, and warehousing operators
Your business model depends on continuous operations and tight coordination. Ransomware disrupts dispatch, scanning, routing, inventory accuracy, and customer commitments simultaneously.Manufacturers running lean production and time-definite inbound
Even a short outage at a 3PL, carrier, or visibility vendor can halt lines or force costly rescheduling. Your resilience is only as strong as your logistics dependencies.Retailers dependent on DC throughput and last-mile partners
If WMS, labour scheduling, or transport systems go offline, order backlogs compound quickly and recovery can take days even after systems are restored.Any firm using shared logistics platforms
Multi-tenant systems and widely used vendors can become single points of systemic failure, where one compromise becomes a cross-customer disruption event.
Preventative actions
Assume logistics is critical infrastructure
Treat TMS, WMS, telematics, and label/scan environments as “must-run” systems with hardened access controls, aggressive patching, and isolation from general corporate IT.
Prove you can recover operations without paying
Maintain offline, tested backups and run restore drills that include the operational layer: shipping, receiving, pick-pack-ship, and dispatch workflows, not just server recovery.
Contract for cyber resilience, not just uptime
Supplier agreements should include breach notification timelines, recovery time objectives, and evidence-based controls (MFA, segmentation, backup posture), with the right to audit where appropriate.
Reduce blast radius with segmentation and least privilege
Split corporate IT from warehouse/fleet systems; enforce MFA; remove standing admin rights; and monitor for abnormal access in dispatch and warehouse accounts.
Quick snippet stories
Cyber incidents are increasingly disrupting enterprise operations
A Yahoo Finance report highlights that cyber incidents and attacks are materially disrupting enterprise operations, reinforcing that digital downtime is now an operational risk problem, not just an IT issue. The practical implication is that continuity planning must cover identity outages, SaaS disruptions, third-party compromise, and degraded manual workarounds, not only catastrophic data-loss events.
Yahoo Finance: Cyber incidents and attacks disrupt enterprise operations (accessed 11 Jan 2026)Honda extends China production halt amid Nexperia crisis
Honda has extended a production halt in China linked to a supplier disruption described as the “Nexperia crisis,” underscoring how semiconductor supply constraints can rapidly translate into OEM operational stoppages. The story also points to a geopolitical industrial-policy dimension, with heightened scrutiny of Nexperia due to its ownership structure and government intervention affecting assets and operations. For supply-chain leaders, the key risk is that political decisions can constrain capacity and availability in ways that appear to be supplier failures but are effectively state actions.
Automotive World: Honda extends China production halt over Nexperia crisis (accessed 11 Jan 2026)Manufacturing in 2026: repatriation meets intelligent cobots
A Machinery feature argues that 2026 manufacturing strategy is being shaped by two parallel forces: supply-chain repatriation and the uptake of more capable, intelligent collaborative robots. The risk lens is straightforward. Firms attempting to onshore or nearshore without solving labour and productivity constraints may struggle, while those adopting automation without robust change management can introduce quality and safety issues. The durable advantage comes from linking automation decisions directly to resilience goals such as multi-site flexibility and faster product changeovers.
Machinery: Manufacturing in 2026, from supply-chain repatriation to intelligent cobots (accessed 11 Jan 2026)UK businesses warned that disruption risk is rising from protests
City AM reports warnings to businesses about disruption stemming from a surge in protests, which can affect staff access, deliveries, customer footfall, and local transport reliability. This is a continuity-planning issue as much as a security issue. Organisations need routing options, staffing contingencies, and communications playbooks for rapid disruption in dense urban areas. If you operate from shared premises, disruption affecting others is almost always yours too, so planning and exercises should explicitly incorporate external disruptions in shared buildings, estates, and multi-tenant sites.
City AM: City businesses warned of disruptions from surge in protests (accessed 11 Jan 2026)Ransomware pressure rises on UK mid-market firms
Raconteur reports that UK mid-market firms are increasingly targeted by ransomware actors, often because they have meaningful revenue and operational complexity without enterprise-grade security depth. For leadership teams, the operational lesson is that ransomware is rarely just data theft. It manifests as service disruption, invoice disruption, payroll disruption, and customer churn risk. The most practical step is to align cyber controls to business processes that must continue operating, then test the ability to function manually under realistic downtime assumptions.
Raconteur: Ransomware and the UK mid-market, why firms are exposed (accessed 11 Jan 2026)
Want to discuss how these risks might effect your business?
Book 30 minutes with us, free ↗
Need support?
At Fixinc, we are passionate about helping people get through disasters. That’s why our team of Advisors bring you this resource free of charge. If you need help understanding these threats and building a plan against them, the same Advisors are here to help over a 30-minute online call. Once complete, if you like what was provided, you can choose to provide a donation or subscribe to Unreasonable Ventures to support this channel.
