82% of CISOs feel confident quantifying risk.

Boards most often ask CISOs for the following metrics: risk-reduction trendlines (51%), quantified business impact (47%), and incident-response performance metrics (40%).

72% of organizations across the U.S., U.K., France, Germany, and Australia reported that the security risks for their company have never been higher in 2025, marking a 17 point increase from 2024.

38% of risk leaders express concern over unintended actions from runaway processes, such as unauthorized transactions or incorrect pricing changes, as a risk from deploying agentic AI

15% of risk leaders are unaware if their organization is considering incorporating agentic AI into its operations or products.

In 2025, 40% of companies reported that they mostly or only use spreadsheets to manage risk, a decrease from 53% in 2024, indicating a significant shift towards software use in risk management.

In a comparison of executive roles, 34% of VP and C-level risk executives are not considering incorporating agentic AI into their operations, while only 20% of directors, managers, and below share this view, indicating a disconnect in AI adoption strategies.

Nearly two-thirds of risk leaders reported that their budgets have not changed at all this year.

Only 28% of risk leaders reported an increase in technology budgets in 2024, a figure that has remained unchanged over the past three years.

26% of companies globally report having no policies, formal training, budgets, or dedicated plans to address AI risks in 2025.

The percentage of companies globally that felt very prepared to manage AI risks has remained relatively flat over the past three years, with 9% in 2023, 8% in 2024, and 12% in 2025.

Only 15% of companies globally have a budget specifically directed at mitigating AI-related risks in 2025, which is about the same percentage as last year.

75% of companies globally report not having a dedicated plan to specifically address generative AI risks, including deepfakes and AI-driven fraud attacks in 2025.

Nearly 60% of risk leaders report that their companies are considering incorporating agentic AI solutions into their operations or products.

16% of risk leaders admitted they cannot monitor and assess the risks of their critical third-party tech partners at all in 2024.

60% of companies globally now have a chief risk officer as of 2024, an increase from 52% over the past two years, indicating a growing recognition of risk management as a priority.

8% of risk leaders indicated they can assess and monitor their tier 1 partners, their suppliers, and their suppliers’ suppliers in 2024.

Only 12% of companies globally feel very prepared to assess, manage, and recover from AI and AI governance risks in 2025, according to a recent study.

32% of companies globally have formally trained or briefed the entire company on risks related to generative AI in 2025, up from 19% in 2024 and 17% in 2023.

Thirty-nine percent of companies are not conducting worst-case scenario simulations, highlighting a critical gap in risk management practices that needs to be addressed.