This article originally appeared in our April 23rd edition of the Diligent Minute Newsletter. For more insights like these, delivered straight to your inbox, subscribe here.
For many GCs, the job has dramatically changed in recent years. What was once primarily a legal advisory role now carries expanding responsibility for enterprise-wide risk, often without a corresponding shift in structure or systems. Today, the work is still largely done manually with little to no help coming from AI or automation.
In our latest GC Risk Index report (a biannual survey of legal leaders on how they are tackling risk), which we launched yesterday at our Elevate conference, respondents rated the current risk environment at 7 out of 10, on a scale where 10 is “significant.” Very few see risk as negligible; most are living in a state of persistently elevated, “always-on” risk. What’s changed since our earlier editions isn’t just the level of risk, but how much of it is landing squarely on the GC’s desk.
Nearly half of the GCs and senior legal leaders we surveyed (46%) now spend 21–40% of their time on enterprise-wide risk and compliance coordination compared to traditional legal work. In practical terms, GCs are spending between one and two days each work week on coordinating risk and compliance at their organizations. That time commitment is growing: 67% report an increase over the past year, while just 2% note any decrease. In effect, more and more GCs are acting as enterprise-wide risk leaders in all but name, shaping the risk narrative management teams and boards rely on to make decisions.
At the same time, the risks they’re contending with are deeply intertwined. Top drivers include geopolitical conflicts, regulatory change, AI-related risks, cyber threats and supply-chain disruptions — spanning strategy, operations, technology and people.
Here the data is sobering. Only 19% of respondents say their organization’s GRC systems are fully integrated; more than four in five are working with siloed tools. Many describe risk, compliance, controls and incident data as “trapped” across multiple systems, with significant manual effort required to stitch it together for management and the board.
The organizational wiring isn’t much cleaner. Just over a quarter have both Risk and Compliance reporting directly to the GC or Legal. The result is a world where GCs are accountable for the risk conversation without always being structurally empowered to own it.
The most concerning finding, from a governance perspective, is how few GCs feel they are providing boards with the risk information they really need. Only 21% say they are very confident their board receives the right mix of information on risk (focused, forward-looking and not overwhelming).
As my colleague Kira Ciccarelli notes in the report, “Without integrated data and clear role definitions, it is hard to consistently provide boards with concise, forward-looking and prioritized risk reporting.” GCs are spending more time than ever on enterprise-wide risk, but much of that time is being consumed by manual synthesis.
This is a critical conversation for directors and executives to have with their GCs: not just “What keeps you up at night?” but “What would it take to give the board a truly decision-ready view of risk more than just once per quarter?”
Finally, no 2026 conversation would be complete without AI. Our data shows a split reality in legal: about half of teams (52%) report significant, measurable efficiency gains from AI. When asked about AI in the boardroom, respondents voiced three main worries: confidentiality and data security, hallucinations / over-reliance on AI outputs, and director capabilities in using the tools critically.
These concerns are not a rejection of AI. They are, instead, a call for governed, transparent and human-centered approaches: AI that preserves confidentiality, explains its reasoning and supports board oversight.
For GCs, this Index offers a data-backed way to articulate what many are already feeling: the job has changed. For boards and executives, it’s an invitation to ask whether your GC has the mandate, structure and tools to match the risk landscape you’re asking them to manage. Always‑on risk is unlikely to ease. The organizations best positioned to navigate it will be those that treat enterprise risk leadership as a designed capability, not an implied responsibility.
AI action plan worksheet for GRC leaders
Unlock the potential of AI in governance, risk, and compliance with this practical 90-day action plan worksheet designed for GRC leaders. This guide helps you assess AI maturity, prioritize use cases, and establish essential guardrails, ensuring a structured and accountable approach to AI implementation in your organization. Download now to transform AI discussions into a clear, actionable strategy.
General Counsel Risk Index: Global risk benchmarking for legal leaders
Gain critical insights into global risk benchmarking with the latest General Counsel Risk Index, which synthesizes data from 147 senior legal leaders. This report will help you assess your organization's risk posture, enhance governance, risk, and compliance strategies, and prepare for informed discussions with your board and C-suite. Download now to access essential benchmarks and elevate your legal leadership role.
From AI talk to real impact: How today’s public leaders do more without adding headcount
Unlock the potential of AI in public governance with our comprehensive guide designed for clerks, city administrators, and governance teams. Learn to streamline agenda preparation, enhance compliance, and create a transparent workflow that aligns elected officials and staff on responsible AI use. Download now to transform your public sector operations in just 90 days.
