In 2024, 62% of companies were using or planned to use AI for risk management, which is projected to rise to 70% by 2025, reflecting a significant increase in AI adoption.

Only 10% of leaders expressed a lack of confidence in their risk management data in 2025, down from 16% in 2024, reflecting a six-point improvement in trust towards risk data.

42% of companies are focusing more on risk management.

16% of risks identified through analysis are viewed as organizational concerns.

34% of risks identified through analysis are viewed as technology concerns.

45% of elements involved in risk analysis are related to technology procurement.

44% of elements involved in risk analysis are related to operational technology (OT).

38% of elements involved in risk analysis are related to data ownership.

45% of elements involved in risk analysis are related to use of cloud computing.

One third of companies surveyed say that risks are assessed informally.

49% of risks identified through analysis are viewed as cybersecurity concerns.

39% of elements involved in risk analysis are related to data classification.

56% of companies surveyed say that they are using a formal risk management framework.

1 in 5 organisations still admit their cyber practices are "immature".

Just 29% of organisations have a formal cyber program that is truly aligned with business objectives.

Cybersecurity and cyber risk leaders at organizations without full threat visibility have a burnout rate of 63%.

Just 28% of organisations say they are "very effective" at communicating cyber risk to leadership.

Rapidly expanding attack surfaces are cited by 38% of cybersecurity and cyber risk leaders as a reason for increased difficulty in managing cyber risk today vs five years ago.

47% of cybersecurity and cyber risk professionals report exhaustion (burnout).

Just 17% of organisations have tools to regularly map threats and contextualise them for full visibility.