39% identify AI security and risk management frameworks as their top priority for reducing cyber risk over the next three years.

85% believe Cyber Resiliency is transforming how IT and Security organizations approach cyber risk.

Only 16% of organisations are measuring the potential financial impact of cyber risks (risk quantification) to a significant extent.

Cyber risk incidents are reported as rising 22 percent in 2025.

13% of small businesses believe they are less vulnerable to cyber attacks, despite the risks.

92% of organisations attribute at least some data loss to departing employees. This is up from 73% last year.

61% of cybersecurity professionals plan AI adoption as manufacturing faces increasing cyber risks.

61% of cybersecurity professionals plan AI adoption as manufacturing faces increasing cyber risks.

Rapidly expanding attack surfaces are cited by 38% of cybersecurity and cyber risk leaders as a reason for increased difficulty in managing cyber risk today vs five years ago.

Just 28% of organisations say they are "very effective" at communicating cyber risk to leadership.

Cybersecurity and cyber risk leaders at organizations without full threat visibility have a burnout rate of 63%.

Organisations with strong asset visibility are 2.5 times more likely to communicate cyber risk effectively to the board

Nearly all organisations (99%) assess vendor risk.

Just 17% of organisations have tools to regularly map threats and contextualise them for full visibility.

Cybersecurity and cyber risk leaders at organizations with full threat visibility experience a significantly lower burnout rate of 44%.

Only 17% of organisations have the capability for continuous monitoring, despite it being a top priority.

Only a third of organisations monitor third-party relationships over time.

The percentage of breaches tied to third parties doubled from the previous year.

90% of surveyed cybersecurity and cyber risk leaders find managing cyber risks harder today than five years ago.

The explosion of AI is cited by 39% of cybersecurity and cyber risk leaders as a reason for increased difficulty in managing cyber risks today vs five years ago.