A decade ago, cybersecurity was often treated as a purely technical issue. It was the responsibility of IT teams, discussed in terms of firewalls, passwords and system vulnerabilities.
Today, that perspective seems outdated. Cybersecurity is now an enterprise-wide risk managed at board level. It is continuously monitored, incorporated into procurement, tested through scenarios, linked to insurance and considered fundamental to resilience, trust and long-term value.
Climate risk is now undergoing a similar shift.
For many organisations, climate risk has historically been managed through sustainability reports, environmental, social and governance disclosures, and long-term net zero commitments. These remain important, but they are not enough. The World Economic Forum’s 2025 Global Risks Report found that environmental risks dominate the ten-year outlook, with extreme weather events leading the list. The challenge for businesses is to translate that global risk picture into operational decisions.
This is the real category change. Climate risk is moving from the margins of corporate responsibility to the heart of business resilience.
The risk is already hitting the business
Climate risk is often treated as a descriptive rather than a manageable issue. While a business may have a high-level understanding of its exposure, the more crucial question is whether this understanding impacts decision-making.
This is where the risk becomes real. For example, a manufacturer may find that its greatest climate exposure is not its own factory, but a component supplier located in a flood-prone area. It could affect production schedules, customer deliveries, costs and revenue.
The same applies to long-term investment. While a property investor may not be facing immediate physical damage, the value of an asset can still be affected if insurance becomes more expensive or harder to obtain over its lifetime. In that case, climate risk becomes a question of future value, financing, and commercial viability.
The financial signals are already pointing in this direction. Rising losses from floods, storms, wildfires and other extreme weather events are affecting insurance markets, pushing up premiums, increasing exclusions and making it harder to insure certain assets. The Swiss Re Institute has warned that losses from natural catastrophes are rising in the long term, with insured losses exceeding USD 100 billion for six consecutive years.
For businesses, this is not just an insurance issue. It is part of the same operational challenge. Physical climate risk is already altering the economics of assets, infrastructure and supply chains. By the time these impacts appear on a balance sheet, they are no longer just ‘climate issues’. They affect margins, continuity and competitiveness.
Climate data must become decision-useful
It is a common misconception that climate risk analysis is simply weather prediction. Weather forecasting asks what may happen over the next few days. Climate risk analysis considers how patterns of hazard, exposure and vulnerability may change over years and decades, and what those changes mean for decisions being made today.
This matters because many business decisions are long-lived. A site chosen today may still be operating in 20 years or a supplier relationship may shape resilience for a decade.
The challenge is that climate data is often complex, technical and difficult to translate into practical business decisions. It may indicate increasing flood risk or more severe heat stress, but leaders need to understand the implications. At what point does a site become too exposed? When does a supplier become too risky to rely on alone?
This is where organisations need to move from climate data to climate intelligence. Data alone does not change decisions. It becomes valuable when connected to specific assets, suppliers, costs and timeframes.
Build climate intelligence into existing systems
The most important lesson from the field of cybersecurity is that risk becomes manageable when it is integrated into existing systems. Cybersecurity matured when it became part of vendor checks, access controls, incident response, insurance discussions, board reporting, and employee training. It was not treated as a separate annual exercise.
Climate risk needs to follow the same path. Rather than creating another standalone sustainability process, the aim should be to build climate intelligence into the processes businesses already use. For the procurement department for example, this could mean assessing whether critical suppliers are exposed to disruption and whether the supply base is sufficiently resilient. The idea is not to make every department an expert in climate science. Rather, the aim is to make climate intelligence usable in the language of each function.
Technology is essential to this shift. Organisations need systems that can combine climate models with asset and supplier data in a way that is useful to decision-makers. A static PDF is insufficient. Leaders need tools that enable them to compare locations, test scenarios, monitor exposure, and track changes in risk over time.
However, technology only matters if it leads to action. This is why businesses need thresholds. The issue is not whether a hazard exists in theory, but whether it reaches a level that could affect continuity, cost, safety or service delivery. In cybersecurity, vulnerabilities are rated, monitored and escalated. Climate risk requires the same approach.
Rather than being a mere statement of intent, Sustainability becomes part of how an organisation manages risk: it is measured, monitored, escalated and acted upon. The goal is not perfect prediction. No model can eliminate uncertainty. The goal is to make better decisions under uncertainty.
From raising awareness to achieving operating capability
Although sustainability teams have played a vital role in raising awareness of climate risk, they cannot be the only stakeholders in this issue. As climate risk affects capital investment, supply chain resilience and insurance, finance, procurement, operations and risk teams must also be involved.
This does not mean that every executive needs to become a climate scientist. Rather, it means that sustainability leaders increasingly need to act as translators between climate science and business functions, helping the organisation to understand the implications of the data for cost, continuity, exposure, resilience and value.
The next phase of climate leadership will not be defined by the most polished sustainability report. Rather, it will be defined by those who can use climate intelligence to make better decisions faster.
This is not easy. Climate science is complex, and many organisations do not yet have the necessary tools or internal capabilities to translate it into practical decisions. However, this should not be a reason for inaction. Just as companies have developed cybersecurity capabilities with the help of specialist providers, a growing ecosystem of data platforms, modelling tools, and advisory services now supports climate risk management.
Businesses do not need to solve the entire challenge alone. However, they must recognise that climate risk has become too significant to remain outside their operating model.
The organisations best prepared for climate volatility are those that incorporate climate intelligence into their live, data-driven, cross-functional operations, connecting them to real decision-making processes.
Liana Downey
Liana Downey is Head of Data Products and Services – Digital Services at SLR.
