GPM Perspectives · Governance & Disclosure
$901 Billion in Climate Risk, and No Decision Rights to Match
Why a $901bn climate risk figure will not move what needs to move
CDP, formerly the Carbon Disclosure Project, runs the global environmental disclosure platform that companies, cities, states, and regions use to report climate and environmental data. Its latest report, Disconnected Defenses: Extreme Weather Risk Across Corporates, Cities and Financial Systems, published in May 2026, puts a number on climate risk that will get cited in board decks and quarterly filings for the next year. Companies now project $901 billion in losses from extreme weather, with nearly half landing inside the next two years. The number is real. The reporting around it is doing what reporting tends to do, which is to describe an exposure without identifying where in the organization that exposure actually has to be answered. That is where the story stops being a finance story and becomes a governance story.
62% vs. 35%
Share of subnational governments reporting extreme weather impacts, compared with the share of disclosing companies treating those same events as financially material. (CDP, 2026)
Start with the gap CDP itself identifies. Sixty-two percent of subnational governments say they are already absorbing the impact of extreme weather. Only thirty-five percent of disclosing companies treat the same weather as material. CDP frames this as a perception problem. It is not. Local and regional governments own the assets that fail first in an extreme weather event. Roads, drainage systems, water utilities, substations, transit. They see the damage because the damage is on their balance sheet. Companies do not own most of that infrastructure, so the cost reaches them later, through delayed shipments, lost production hours, and supply chain interruption. The disclosure regime asks each company to assess its own materiality in isolation, which means the layer of the system most exposed to cascade failure is the layer least equipped to report it. The gap is structural, not behavioral.
The two-year timing carries a governance implication CDP does not name. Two-year horizons sit inside the operating plan, not the strategic plan. Decisions on that timeframe are made by plant managers, supply chain leads, procurement, and operations directors. They are not made by the sustainability function or by board climate committees, both of which work to longer cycles tied to disclosure deadlines and dated targets. In most organizations, climate authority sits in a separate track from operating authority. When the risk arrives at the operating layer, the people who can respond often lack the budget authority to act, and the people who hold the budget authority are working from a different timetable. Reporting cycles do not fix this. Reassigning decision rights does.
$528bn
Projected future losses from flooding, the single largest category. Damage realizes primarily as production disruption, not as asset impairment. (CDP, 2026)
The flooding figure points to a measurement problem that explains why disclosure data underrepresents real exposure. Flooding losses materialize as production disruption. Production is measured in units shipped, orders fulfilled, lines operating, and hours of uptime. Those numbers live in operations and are tracked weekly. They do not appear in climate risk registers, which are organized around asset impairment categories and insurance valuations. A company can hold an accurate TCFD disclosure, a current insurance appraisal, and a well-maintained risk register, and still carry no instrumentation on the metric that will actually move during a disruption, which is throughput. The reporting framework and the operating framework are not aligned, and disclosure quality cannot compensate for that misalignment.
The shared infrastructure point is where the integrity question sits, and where most reporting goes quiet. Corporate resilience depends on water systems, sewerage, transport networks, and the grid. No single company controls any of them. The disclosure regime treats this dependency as an externality, named in narrative sections of climate filings without a corresponding mechanism for action. The capital that would harden the shared assets sits with public agencies operating on different planning horizons under different accountability structures. There is no governance route by which a private firm can underwrite the public asset its production depends on. Voluntary partnerships are partial. Tax revenue is not allocated this way. The CDP language about coordinated action does not describe a mechanism that exists. The honest version is that the exposure is real, the decision authority to address it is fragmented across public and private actors, and no current framework reconciles the two.
48%
Share of disclosed physical climate risks expected to materialize, at least in part, within the next two years. This falls inside the operating plan, not the strategic plan. (CDP, 2026)
The risk in how this data gets translated for a business audience is the pull toward urgency. Urgency arguments produce commitments, pledges, and revised disclosures. They rarely produce changes in who holds which decision on what timeframe with what budget. The translation worth doing for the practitioner audience specifies three things. Which decisions actually move when extreme weather hits. Who currently holds those decisions, and whether that authority is matched to the timeframe. What part of the exposure cannot be addressed by the firm acting alone, and therefore requires a different governance instrument than corporate disclosure. That last item is the sentence most commentary removes because it does not resolve cleanly. It should stay. The disclosure layer has now done what it can. The next move is at the decision layer, and the reporting framework alone will not get it there.
Source: CDP (2026), Disconnected Defenses: Extreme Weather Risk Across Corporates, Cities and Financial Systems. Based on 2025 disclosures from 11,261 companies and 1,005 cities, states, and regions across 80 countries. Full report: cdp.net.
Dr. Joel Carboni Founder, GPM · Standards Builder · Regenerative Business Advocate Joel is widely recognized as a sustainability disruptor, standards builder, and global advocate for regenerative business practices. For more than three decades, he has worked at the intersection of sustainability, strategy, and governance, helping organizations translate ambitious sustainability goals into measurable, lasting impact. As the Founder of GPM (Green Project Management), Joel introduced the P5 Standard for Sustainability and the PRiSM methodology — pioneering frameworks that redefine how projects deliver value by integrating environmental, social, and governance considerations into project delivery. These models have since become recognized standards within leading global institutions, including the Project Management Institute (PMI) and the Institute of Management Accountants (IMA). Joel also contributes to the global sustainability agenda through his work with the Global Reporting Initiative (GRI), where he is involved in developing the new Pollution Standard, and through contributions related to the Paris Agreement and the UN Sustainable Development Goals. Beyond his work as a practitioner and standards developer, Joel is a Forbes contributor, a visiting professor at SKEMA Business School, and an advisor to governments and multinational organizations on how to embed ethics, sustainability, and regenerative thinking into business strategy and delivery. Recognition In 2025, Joel was recognized by Thinkers50 as a finalist for the inaugural Regenerative Business Award for his book Becoming Regenerative.
