42% of companies are focusing more on risk management.

56% of companies surveyed say that they are using a formal risk management framework.

38% of elements involved in risk analysis are related to data ownership.

44% of elements involved in risk analysis are related to operational technology (OT).

16% of risks identified through analysis are viewed as organizational concerns.

One third of companies surveyed say that risks are assessed informally.

Just 17% of organisations have tools to regularly map threats and contextualise them for full visibility.

The explosion of AI is cited by 39% of cybersecurity and cyber risk leaders as a reason for increased difficulty in managing cyber risks today vs five years ago.

Just 29% of organisations have a formal cyber program that is truly aligned with business objectives.

The percentage of breaches tied to third parties doubled from the previous year.

47% of cybersecurity and cyber risk professionals report exhaustion (burnout).

Rapidly expanding attack surfaces are cited by 38% of cybersecurity and cyber risk leaders as a reason for increased difficulty in managing cyber risk today vs five years ago.

Cybersecurity and cyber risk leaders at organizations without full threat visibility have a burnout rate of 63%.

Organisations with strong asset visibility are 2.5 times more likely to communicate cyber risk effectively to the board

Nearly all organisations (99%) assess vendor risk.

Only a third of organisations monitor third-party relationships over time.

Only 17% of organisations have the capability for continuous monitoring, despite it being a top priority.

Cybersecurity and cyber risk leaders at organizations with full threat visibility experience a significantly lower burnout rate of 44%.

Just 28% of organisations say they are "very effective" at communicating cyber risk to leadership.

90% of surveyed cybersecurity and cyber risk leaders find managing cyber risks harder today than five years ago.