The numbers from 2025 should give any mobility manager pause. 89% of business travellers experienced some form of disruption – the highest figure on record, up from 77% just two years prior. 57% of organisational leaders now report that new risks are emerging faster than their management systems can adapt.
That gap – between the pace of risk and the pace of response – is where people get hurt, where companies get sued, and where careers end. Closing it starts with taking the travel risk assessment seriously as a living document rather than a compliance checkbox.
Here’s what that looks like in practice.
Duty of care is a legal obligation, and the courts have been clarifying this for years.
The landmark case is Dusek v StormHarbour Securities LLP, a fatal helicopter crash in the Peruvian Andes. The court established what’s now called the “Proportionality Principle”: routine travel between stable cities requires minimal scrutiny, but high-risk or specialist transport demands an exhaustive, independent review of the operator’s safety record and pilot qualifications. The judge’s conclusion was blunt. A competent travel risk assessment would have identified the foreseeable hazards and prevented the trip entirely. Doing nothing was ruled a positive breach of duty — one that neither insurance nor delegation could fix.
The statutory picture reinforces this at every turn. In the UK, the Health and Safety at Work Act 1974 requires employers to ensure employee safety globally, “so far as is reasonably practicable.” The Corporate Manslaughter Act adds the possibility of criminal charges where management failures in travel safety result in a fatality. In the US, OSHA’s General Duty Clause has been extended by the courts to cover work-related travel. Australia imposes significant fines for failures during international assignments. The legal exposure is real, it is cross-border, and it is growing.
And it’s not just physical safety anymore. Courts have increasingly recognised burnout, isolation, and anxiety as “foreseeable harms” from business travel, affecting 78% of travellers. A risk assessment that ignores psychological impact is, by that standard, legally incomplete.
If you haven’t built your TRM programme around ISO 31030:2021, now is the time. Initially framed as guidance, portions of the standard have since moved toward certification, shifting the conversation from what organisations should do to what they must demonstrate as a reasonable standard of care.
The framework covers the full lifecycle of a trip: governance and policy (including appointing a dedicated TRM lead), pre-trip risk assessment, tiered authorisation for high-risk travel, real-time alert systems with verified read receipts, and documented evacuation and medical response plans.
The 2025–2026 updates are worth noting specifically. The standard has expanded to address information security and human manipulation, the role of drones, and new legal duties linking anti-harassment obligations to business travel. Certification now extends beyond the organisation itself to the vendors and third-party specialists it relies on – ensuring an unbroken chain of accountability.
That last point matters practically. If your ground transport provider in Lagos or your hotel partner in Riyadh hasn’t been vetted to a documented standard, you have a gap worth closing.
For a travel risk assessment to hold up – in an audit, in litigation, in a board conversation – it needs to be data-driven.
The 5×5 matrix is the practical tool for this. Risk is calculated as Probability × Impact. Each axis runs from 1 to 5. Probability ranges from “Rare” (under 5% annual likelihood) to “Almost Certain” (occurring multiple times per year in the sector). Impact runs from “Insignificant” (minor inconvenience) to “Severe” (potential fatality or business failure).
The resulting score drives your response. Scores of 1–4 are acceptable; standard procedures apply. Scores of 10–16 require active mitigation – you don’t just note the risk, you act on it. Scores of 17–25 are unacceptable; the activity must cease.
This is the difference between a defensible decision and an indefensible one.
The defining characteristic of risk in 2026 is convergence. A political crisis arrives with supply chain disruption, misinformation, and sometimes a disease outbreak. Geopolitical instability is cited as the top driver of global uncertainty by 47% of organisations. 27% reported significant disruption from the effects of misinformation alone in 2025.
Country-level risk ratings are no longer sufficient. Assessments need to get to the neighbourhood level: police presence, proximity to medical facilities, and specific risks to specific traveller profiles.
The financial toll deserves a moment of attention. In 2025, 56% of travellers experienced delays of more than an hour, and 36% faced outright cancellations. The US alone absorbed over $17 billion annually in disruption-related costs. When travellers rebook on the move, costs run on average 27% higher. The average disrupted trip costs nearly five hours of productivity. These are line-item figures, not abstract concerns.
On the health side, specific 2026 alerts include meningococcal disease in the Democratic Republic of the Congo, increased yellow fever reporting in Venezuela, a chikungunya outbreak in Mayotte, and fatal heatstroke risk in the UAE and Gulf States during peak months. These belong inside your assessment templates, not left to travellers to find on a government website the night before departure.
This point tends to generate polite nodding in meetings and then disappear into the appendix of a travel policy. The risk, however, is concrete.
Women continue to face a meaningful safety gap: 72% report feeling at higher risk of assault and harassment during business trips, with the gap particularly acute in countries including Malaysia, Italy, and Australia. A proper TRA addresses this with concrete protocols – pre-vetted transport, accommodation security reviews, neighbourhood lighting assessments – rather than general advice to stay alert.
60 countries criminalise same-sex relationships, yet only 13% of companies currently provide specific travel information for LGBTQ+ employees. The risk here includes legal detention. Organisations need to assess whether behaviours considered ordinary at home are illegal at the destination, and provide explicit “know your rights” briefings accordingly.
Cyber attacks targeting business travellers tripled in early 2024 and have continued to intensify through 2026. Travellers are uniquely exposed: hotel Wi-Fi, airport networks, unfamiliar devices. If a hacker steals sensitive client data because an employer failed to mandate a VPN, the employer has breached their duty of care twice — once to the employee and once to the client.
The core requirements are well established: mandatory VPNs on all devices, “burner” devices with minimal data for high-risk jurisdictions, destination-specific training on social engineering and phishing, and GDPR-compliant location tracking. The investment is modest relative to the exposure.
Remote work has created a compliance liability that most mobility teams are still working to get ahead of. Only 22% of companies can currently track employees working abroad without informing their employer. These “hush trips” are not just a curiosity – they are a live safety and legal exposure.
A traveller detained for working on the wrong visa is not merely a compliance failure. It is a primary safety incident. Modern AI-driven compliance tools can now automate visa and permit requirements, flag permanent establishment tax risk, and monitor stays against tax residency thresholds – worth evaluating seriously if they’re not already part of your programme.
The shift worth internalising is this: a travel risk assessment is not a document you produce before a trip. It is a process that runs before, during, and after every journey.
Only 35% of organisations are confident they can mobilise teams fast enough during a crisis. The organisations that manage it well have already built the infrastructure: tiered authorisation where low-risk trips get standard approval and extreme-risk trips get board-level sign-off or immediate cessation; real-time monitoring of traveller location and local conditions; and post-trip debriefs that actually feed back into the risk framework rather than being filed neatly away.
The practical steps are manageable, even when the landscape feels anything but.
Appoint someone to own travel risk management –not as a side task, but as a defined function that connects HR, Legal, and Security. Align your policies to ISO 31030 as the minimum standard. Replace subjective risk calls with scored assessments using the 5×5 matrix. Build explicit protocols for women and LGBTQ+ travellers. Close your cybersecurity gaps. Get visibility on your remote workforce before an incident forces the issue.
57% of organisational leaders already report that new risks are emerging faster than their management systems can adapt. The job of global mobility in 2026 is to close that gap – not with more paperwork, but with better systems, clearer accountability, and the willingness to say “this trip should not happen” when the evidence demands it.
Your people are depending on that judgment.
A solid travel risk assessment protects employees and maintains compliance during corporate travel. Address these risks, proactively mitigate them, and you will avoid nasty fines for non-compliance or worse.
But it’s 2025: you don’t need to track and monitor these risks yourself, particularly the complex and constantly changing regulatory landscape of foreign countries—we do it for you.
Our AI-powered travel compliance assistant gives you everything you need to enter a country—for any reason. From work visas, permits, and weird compliance smallprint, our global compliance experts will guide you through a track risk assessment every step of the way.
Yes! Even if employees are returning to the same destination, it’s crucial to review and update the travel risk assessment for any new risks or changes in the location.
International assessments are more complex—for example, involving additional considerations like tax implications, compliance with international laws, and geopolitical concerns that don’t apply to domestic travel.
Yes, there are helpful free travel risk assessment resources, including government advisories and industry publications. These can give you a solid foundation without breaking the bank.
Technology helps track and monitor real-time changes in a country’s environmental, political and economic conditions. Centuro Global offers an AI-driven travel compliance assistant that provides tailor-made advice, in real-time, for companies and employees (with expert human legal support). Try it out now.
Discover more global trends, mobility and travel regulation updates and company news.
Centuro Global is proud to announce that we have won the ‘Best Business Travel Management’ award at the Forum for Expatriate Management’s (FEM) Americas Expatriate Management & Mobility Awards 2026 (EMMAs).
A guide for Authorising Officers, HR managers, and anyone responsible for managing a UK Sponsor License. This guide gives you a working understanding of your obligations as a sponsor licence holder, outlining the key duties you must follow and the consequences of non-compliance to ensure you maintain your licence.
The European Union’s new digital border control system, the Entry/Exit System (EES), is now fully operational across all Schengen Area borders as of 10 April 2026. This is a significant change in how British citizens and other non-EU nationals will enter and exit the Schengen Area, with major implications for business travel, compliance and border processes.
Discover how we can help your team with immigration, business travel and global expansion.
Book a call
