We've curated 28 cybersecurity statistics about Risk to help you understand how organizations are identifying, assessing, and mitigating potential threats to their data and systems in 2025. Stay informed on best practices and evolving challenges!
Showing 1-20 of 248 results
75% of leaders express concern about the geopolitical risks of storing and managing data in global cloud environments.
82% of CISOs feel confident quantifying risk.
Boards most often ask CISOs for the following metrics: risk-reduction trendlines (51%), quantified business impact (47%), and incident-response performance metrics (40%).
About 75% of the more than 10,000 Model Context Protocol (MCP) servers were built by individuals without enterprise-grade protections in 2025.
96% of organizations surveyed experienced data loss or exposure from misdirected email in the past year.
95% of organizations surveyed reported measurable business impact due to misdirected email, including remediation costs, compliance violations, or damage to customer trust.
47% of security and IT professionals learn of misdirected emails from recipients rather than from security tools.
97% of security and IT pros surveyed believe behavioral AI can help prevent accidental data loss before it occurs.
31% of organizations say redundant or obsolete data poses significant risk.
82% of the more than 10,000 Model Context Protocol (MCP) servers interact with sensitive APIs, creating additional vulnerabilities in 2025.
98% of security leaders consider misdirected email a significant risk.
Misdirected emails accounted for 27% of all data protection incidents under the GDPR last year.
58% of organizations attribute their most significant data loss events to careless employees or third-party contractors.
The average enterprise spends over 400 hours per year managing false positive alerts from data loss prevention (DLP) or email security tools.
Misdirected emails contributed to over $1.2 billion in fines worldwide last year.
40% of the more than 10,000 Model Context Protocol (MCP) servers created in under a year had no license in 2025.
39% identify AI security and risk management frameworks as their top priority for reducing cyber risk over the next three years.
9 working weeks per year are spent on vendor security reviews and risk assessments, compared to 7 weeks the previous year.
72% of organizations across the U.S., U.K., France, Germany, and Australia reported that the security risks for their company have never been higher in 2025, marking a 17 point increase from 2024.
90-100% of AI-generated code contains excessive inline commenting, which dramatically increases computational burden and makes code harder to check.