Introduction
In July 2025, the UK Government published its first Chronic Risks Analysis, identifying 26 long-term stressors facing the United Kingdom across seven broad themes: security; technology; geopolitical; environmental; societal; biosecurity (including health); and economic.
What makes this publication distinctive is that the analysis explicitly recognised the systemic nature of these chronic stresses and documented the relationships between them. This represents a significant analytical step forward.
The Government paper identifies the risks, characterises their interactions, and documents a network of dependencies and influences. They did the hard work. Our analysis takes that foundation and asks: what does the structure of this network of risks reveal?
This analysis uses risk network modelling to analyse the structure of the UK’s chronic risks – not the risks in isolation, but the connections between them. Network analysis reveals patterns invisible in traditional presentation: which risks function as transmission mechanisms connecting threat domains; which risks are upstream drivers shaping the broader landscape; which amplify inputs with potentially disproportionate effects; and where do consequences from across the system converge.
Our analysis is not a critique of the CRA but an extension of it. The insights that follow are only possible because the Government took the innovative step of mapping relationships rather than analysing risks in isolation. All our findings are derived from the Government’s published risk relationships; no new risks or linkages are introduced.
Summary
Network analysis of the UK’s Chronic Risks Assessment reveals structural patterns that transform how we understand the threat landscape.
Our analysis reveals a system of tightly interconnected chronic stresses. Unlike acute risks, which can be assessed in isolation, chronic stresses are persistent conditions that shape and reinforce one another. Failures, or interventions, in one area propagate across multiple domains.
Our analysis also reveals communities – clusters of risks more tightly connected to each other than to the broader network – and identifies where amplification occurs: nodes where arriving effects intensify rather than simply accumulate.
Five to seven risks emerge as critical pressure points – these nodes simultaneously drive effects outward and receive amplified impacts from multiple sources. The exact number varies slightly with propagation assumptions, but the core group remains consistent. These risks are both cause and consequence within the model, representing the UK’s most significant strategic vulnerabilities and the highest-leverage opportunities for coordinated intervention.
A Tightly Coupled Risk Network
Each risk in the chronic risks network is connected to approximately eleven others – that’s nearly half the entire system – illustrating just how densely coupled the chronic risk landscape is. This degree of coupling is expected and appropriate for a policy network where chronic stressors naturally influence one another, but it carries critical implications.
First, isolated interventions is likely to consistently underperform. Addressing any single risk without accounting for its connections to others is likely to produce limited results, or worse, unintended consequences elsewhere in the system.
Second, silos create analytical blind spots. Security risks are shaped by technological developments, environmental changes, and economic factors. The network structure does not respect thematic boundaries, and neither should our risk management frameworks.
Third, scenarios involving multiple simultaneous stresses are structurally normal, not exceptional. Given the density of connections, a significant shock to any chronic risk will propagate. Scenario planning that treats compound events as unlikely ‘perfect storms’ underestimates how systemic risk behaves.
What Drives the Risk Network
Not all risks are equal in their systemic importance. Some sit at the centre of the network, connected to many other well-connected risks, positioned on critical pathways, wielding influence that extends beyond their immediate domain.
Serious and Organised Crime: The Transmission Mechanism
Serious and organised crime emerges as the single most structurally influential factor in the chronic risks network – and this should reframe how we understand it. Its central network position reveals something significant: organised crime functions as a transmission mechanism linking multiple threat domains.
It receives inputs from emerging financial systems (which create new laundering channels), AI capabilities (which enable sophisticated fraud), digital platform proliferation (which provides new attack surfaces), and weakened international institutions (which reduce enforcement coordination). Simultaneously, it enables and amplifies fraud, terrorism financing, state threat activities, and the exploitation of vulnerable populations. Organised crime is not merely a security problem – it is a thread linking economic, technological, and security risks into a coherent threat ecosystem.
Climate Change: The Upstream Driver
Climate change shares the highest total connectivity count with organised crime but operates in a fundamentally different way. Examining the direction of its connections reveals that climate change primarily transmits effects outward. It drives biodiversity loss, supply chain disruption, competition for critical minerals, food security challenges, and antimicrobial resistance.
Aside from pollution, the drivers for climate change sit largely outside the chronic risks network (energy policy, technology adoption). This makes climate change a foundational condition that shapes the broader chronic risk environment. It requires long-term strategic attention precisely because its effects compound and propagate widely, but interventions within the chronic risk framework cannot easily address its causes.
Artificial Intelligence: The Force Multiplier
The use and capability of artificial intelligence ranks modestly in overall structural influence but exhibits the most asymmetric connection pattern of any risk factor: it receives inputs from relatively few sources but transmits effects to a remarkably large number of other risks.
This pattern suggests AI functions as a force multiplier – modest inputs generate disproportionate downstream effects. AI capabilities amplify cyber threats, enable sophisticated disinformation campaigns, provide new tools for organised crime and terrorism, enhance state surveillance capabilities, and accelerate capability development across multiple threat domains. The implication: AI governance offers unusually high systemic leverage. Successfully shaping AI development and deployment could have multiplicative benefits across the entire risk landscape; failure to do so could accelerate deterioration in multiple domains simultaneously.
Where Effects Converge
While some risks drive effects outward, others function as convergence points, the downstream locations where consequences from multiple sources accumulate. Understanding these accumulation points is essential for anticipating where systemic stress will become visible and where resilience investments may be most needed.
Vulnerable Populations: The Primary Accumulator
Disproportionate impact on vulnerable persons emerges as the network’s primary convergence point – the location where the highest concentration of cascading effects accumulates. With inbound connections from pollution and environmental degradation, terrorism, organised crime, demographic change, skills shortages, and AI displacement, this node functions as a terminal accumulator where stress disproportionately impacts those least able to absorb it. This has both ethical and practical implications: vulnerable populations are where systemic failures become visible first, and where social cohesion is most likely to fracture under sustained pressure.
There is something notable in the Government’s risk naming: ‘disproportionate impact’ captures what network analysis reveals – a convergence point where effects accumulate disproportionately. Whether this reflects deliberate systems thinking or well-calibrated intuition, our analysis validates the characterisation. It suggests that careful risk framing can capture systemic properties even without formal network methods – and that network analysis can, in turn, confirm or challenge such intuitions.
The Evolution of Terrorism
Changes in the nature of terrorism represent the network’s second-highest convergence point, shaped by multiple upstream factors: technological advancement enabling new capabilities, online platforms facilitating self-radicalisation, organised crime providing financing and logistics, state actors offering support or sanctuary, and AI amplifying both recruitment and operational capabilities.
These enabling factors combine synergistically rather than additively. AI-enabled targeting, encrypted communications, cross-border financing, the exploitation of societal grievances such as a lack of skills and jobs; the threat evolution is not simply ‘terrorism plus technology’; it is a qualitatively different phenomenon emerging from the intersection of multiple chronic stresses.
These two convergence points illustrate different faces of systemic amplification. In vulnerable populations, consequences from across the network accumulate on those least equipped to absorb them. In terrorism, enabling factors combine to create qualitatively new threat capabilities. Both demonstrate why network position matters: nodes at convergence points experience effects that exceed what any single input would predict.
The Critical Pressure Points
A significant finding is five risks that rank highly for both influence and vulnerability. These are the network’s pressure points:
- Serious and Organised Crime: Transmission mechanism linking economic, technological, and security domains
- Disproportionate Impact on Vulnerable Persons: Societal stress endpoint where consequences from all domains converge and amplify
- Changes in the Nature of Terrorism: Combined enablers producing fundamentally new threat capabilities
- Fraud and Illicit Finance: Dual-function node both enabled by and enabling organised crime, state threats, and emerging financial systems; a critical amplifier within the security-economic nexus
- Disinformation and Misinformation: High influence through erosion of institutional trust; amplified by AI capabilities and platform proliferation
The presence of both Serious and Organised Crime and Vulnerable Populations on the ‘pressure points’ list is particularly significant. Together they bookend the chronic risks network – what enters through organised crime often exits through impacts on the vulnerable. Interventions targeting any single pressure point will generate cascading effects – both positive and negative – throughout the risk network.
Strategic Implications
The Limits of Assigned Ownership
Risk management frameworks typically assign ownership of individual risks to specific functions or individuals. This approach assumes risks can be ‘owned’ and managed in isolation. Network analysis reveals the limitations.
Consider fraud and illicit finance. They are driven by a combination of technological, institutional, and geopolitical factors. These include the use of AI to generate convincing synthetic content, the growth of financial systems such as cryptocurrencies with limited regulatory oversight, and the expansion of digital platforms that increase attack surfaces. Shortages in cybersecurity and financial crime expertise weaken organisational defences, while state actors exploit opaque financial channels to pursue strategic objectives. At the same time, fraud and illicit finance function as enabling mechanisms for organised crime, terrorist financing, and the amplification of cyber threats. This creates a structural challenge for the risk owner: the most effective levers for reducing these risks lie largely outside their direct control, dispersed across technology governance, financial regulation, workforce development, and international coordination.
Network analysis can help inform policy and governance structure, ensuring that risks with cross-domain drivers receive cross-domain coordination mechanisms – a significant step forward from simply assigning owners accountable for outcomes they cannot control.
Where Interventions Have Leverage
Not all points in a risk network offer equal opportunity for intervention. Addressing downstream accumulators – where consequences converge – may alleviate symptoms but not the flow of effects arriving from upstream. Conversely, interventions at upstream transmitters can generate cascading benefits across multiple connected risks.
Consider Artificial Intelligence, which exhibits the most asymmetric pattern in the network: few inputs, many outputs. AI capabilities flow outward to enable fraud, amplify disinformation, enhance cyber threats, accelerate organised crime, and augment terrorism. This upstream position means that effective AI governance – shaping how these capabilities develop and deploy – could generate cascading benefits across multiple downstream risks. Conversely, failure to address AI effectively doesn’t simply increase ‘the AI problem’, it accelerates deterioration across the risk landscape.
Network analysis distinguishes between these positions. It identifies which risks function as sources, which as transmission mechanisms, and which as endpoints. This has direct implications for intervention design: efforts focused on convergence points will require constant reinforcement, while efforts targeting transmitters may prove self-sustaining as reduced effects propagate forward through the system.
Compound Events Are Structural
Scenario planning often treats compound events – multiple risks materialising simultaneously – as “perfect storms” with correspondingly low-probability likelihoods. Network analysis challenges this assumption. In a densely connected system, correlation between risks is not coincidental but structural. A shock to one risk propagates to its neighbours; their deterioration affects their neighbours in turn.
Consider global supply chains – not simply the physical infrastructure of ships and ports, but the channels through which critical minerals, food, energy, and pharmaceuticals flow across borders. These supply chains face threats from multiple directions: climate disruption, state actors seeking to control critical resources, and organised crime exploitation.
Simultaneously, the same channels that distribute legitimate goods can distribute animal diseases, foodborne pathogens, and plant pests – while the supply chains themselves contribute to climate change if not decarbonised. When we stress-test against “supply chain disruption” as an isolated scenario, we miss that disruption arrives from multiple sources simultaneously and propagates outward through multiple pathways. The compound event is the structural reality, not the exception.
The implication: scenarios involving multiple simultaneous stresses are not exceptional but expected behaviour of coupled systems. Stress testing single-factor scenarios will systematically underestimate actual vulnerability. Realistic scenario design must account for the transmission pathways that connect risks, not merely their individual probability distributions.
Methodology
This analysis applies network science methodologies to the UK Government’s Chronic Risks Assessment. The underlying data comprises 26 chronic risk factors and the documented relationships between them as identified in official assessments. Relationships represent influence, dependency, or enabling connections between risks.
Model Sensitivity: Cascade vulnerability rankings are influenced by propagation parameters – the assumed strength and attenuation of effects as they traverse relationships. Different parameter choices produce variations in absolute vulnerability scores and can shift rankings at the margins. The structural influence rankings (based on network topology) are parameter-independent and highly stable. The pressure points identified in this analysis appear consistently across reasonable parameter ranges; nodes at the boundary of the top tier may move in or out depending on assumptions. This is expected behaviour in network analysis and reflects genuine uncertainty about transmission dynamics rather than analytical artefact.
Structural influence: Rankings use multi-algorithm consensus analysis – combining measures of connection quality (influence through well-connected neighbours), inherited importance (significance derived from linking nodes), and pathway control (position on critical routes through the network). Vulnerability analysis simulates cascade effects from multiple origin points to identify where consequences accumulate.
The analysis does not introduce new risk factors or relationships; rather, it reveals the structural implications of existing documented connections. Nodes classified as ‘divergent’ indicate that different analytical approaches identify different roles – a sign of genuine context-dependent importance rather than data quality issues.
Beyond the structural analysis presented here, our analytical platform offers additional capabilities for deeper investigation of specific policy concerns:
- Community detection: Identifies clusters of risks that reveal thematic groupings not aligned with policy boundaries.
- Bridge analysis: Identifies the specific connections that link otherwise separate communities.
- Path analysis: Maps the routes between any two risks, revealing dependencies that may not be obvious from adjacency alone.
- Propagation simulation: Traces how shocks cascade through the network.
Analysis conducted using the Risk Insights Explorer platform, developed by Risk Insights Ltd.
[1] https://www.gov.uk/government/publications/chronic-risks-analysis
[2] As noted in the Chronic Risks Analysis, end-to-end encryption is a rapidly evolving risk. Analysis of both the short and long-term impacts, and implications for the UK’s resilience system, are under review.