We've curated 17 cybersecurity statistics about Risk Management to help you understand how organizations are identifying, assessing, and prioritizing risks, along with the latest practices and technologies being utilized to mitigate potential threats in 2025.
Showing 1-20 of 38 results
In 2025, 40% of companies reported that they mostly or only use spreadsheets to manage risk, a decrease from 53% in 2024, indicating a significant shift towards software use in risk management.
Only 10% of leaders expressed a lack of confidence in their risk management data in 2025, down from 16% in 2024, reflecting a six-point improvement in trust towards risk data.
60% of companies globally now have a chief risk officer as of 2024, an increase from 52% over the past two years, indicating a growing recognition of risk management as a priority.
66% of risk leaders stated they have reviewed and updated their IT and cyber risk management strategy in response to major disruptions such as the Crowdstrike outage or MOVEit breach
Thirty-nine percent of companies are not conducting worst-case scenario simulations, highlighting a critical gap in risk management practices that needs to be addressed.
In 2024, 62% of companies were using or planned to use AI for risk management, which is projected to rise to 70% by 2025, reflecting a significant increase in AI adoption.
49% of risks identified through analysis are viewed as cybersecurity concerns.
45% of elements involved in risk analysis are related to technology procurement.
39% of elements involved in risk analysis are related to data classification.
45% of elements involved in risk analysis are related to use of cloud computing.
16% of risks identified through analysis are viewed as organizational concerns.
44% of elements involved in risk analysis are related to operational technology (OT).
38% of elements involved in risk analysis are related to data ownership.
56% of companies surveyed say that they are using a formal risk management framework.
42% of companies are focusing more on risk management.
One third of companies surveyed say that risks are assessed informally.
34% of risks identified through analysis are viewed as technology concerns.
47% of cybersecurity and cyber risk professionals report exhaustion (burnout).
Rapidly expanding attack surfaces are cited by 38% of cybersecurity and cyber risk leaders as a reason for increased difficulty in managing cyber risk today vs five years ago.
1 in 5 organisations still admit their cyber practices are "immature".