Articles about risk

New research from Osterman and Silverfort reveals that although nearly 70 percent of organizations believe their identity defenses are ‘mature’ there is a worrying gap between perception and reality.

This comes against a rising tide of identity threats, 72.1 percent of identity leaders report that the threat level of identity-related attacks has increased or remained unchanged in the past year. The most significant jumps include AI-powered attacks, ransomware-based attacks, and social engineering of desk staff to reset credentials or MFA factors (up 14.3 percent).

Continue reading →

A new study reveals that that 90 percent of leaders find managing cyber risks harder today than they did five years ago, resulting in higher reports of burnout (47 percent), including more than one in ten who say they’re on the verge of quitting.

The report from Bitsight shows the leading causes of poor cyber risk management, and therefore burnout, include an explosion of AI (39 percent), and rapidly expanding attack surfaces (38 percent).

Continue reading →

New threat intelligence from Zimperium reveals over five million unsecured public Wi-Fi networks have been detected globally since the beginning of 2025, with a staggering 33 percent of users still connecting to these open networks, putting enterprise data at risk in the process.

“Mobile devices are now a primary gateway to corporate data, but during travel, they’re also the most vulnerable,” says Kern Smith, VP of global solutions  at Zimperium. “Unsecured Wi-Fi, phishing disguised as travel alerts, and risky sideloaded apps are creating an ideal attack surface for cybercriminals -- especially in peak travel months.”

Continue reading →

According to a new report 39 percent of security professionals say they struggle to prioritize risk remediation and patch deployment, with 35 percent saying they struggle to maintain compliance when it comes to patching vulnerabilities.

The study from Ivanti also finds 87 percent of security pros feel they do do not have access to the critical data needed to make informed security decisions. In addition 46 percent believe IT teams lack urgency when addressing cybersecurity problems.

Continue reading →

A newly released survey of US regulatory compliance professionals shows 63 percent say that technology-driven risk is the most significant market force likely to cause compliance issues for US financial services firms in 2025.

Other forces cited are global economic instability (58 percent), increasing regulatory complexity (48 percent), digital assets and crypto markets (37 percent each) and geopolitical instability (20 percent).

Continue reading →

Artificial intelligence (AI) is transitioning from an emerging technology to a business mainstay. While many businesses are already reaping the benefits of strategic AI implementation, others are adopting AI solutions without first considering how to integrate the tools strategically. While some AI tools offer tangible gains in automation and efficiency, others overpromise and underdeliver, leading to costly investments with little return.

Distinguishing marketing buzz from real-world impact is critical for businesses looking to make AI a true driver of operational success. Despite AI’s potential, many businesses fall into common pitfalls that prevent them from realizing the full value of innovative technology. From unclear objectives to poor integration and security risks, these challenges can turn AI from a competitive advantage into an expensive mistake.

Continue reading →

Artificial intelligence has claimed a huge share of the conversation over the past few years -- in the media, around boardroom tables, and even around dinner tables. While AI and its subset of machine learning (ML) have existed for decades, this recent surge in interest can be attributed to exciting advancements in generative AI, the class of AI that can create new text, images, and even videos. In the workplace, employees are turning to this technology to help them brainstorm ideas, research complex topics, kickstart writing projects, and more.

However, this increased adoption also comes with a slew of security challenges. For instance, what happens if an employee uses a generative AI service that hasn’t been vetted or authorized by their IT department? Or uploads sensitive content, like a product roadmap, into a service like ChatGPT or Microsoft Copilot? These are some of the many questions keeping security leaders up at night and prompting a need for more visibility and control over enterprise AI usage.

Continue reading →

In the film Sliding Doors, a split second choice leads to two branching stories -- yet while the two stories are very different, they both lead to hospital trips and potential tragedy. The world of cyber security is similar. Whatever decisions we make, we are still under pressure and we will -- eventually, whatever we do -- end up facing significant risk.

Yet how do we show that we are doing a good job? If everything is working, there is nothing to see. Or have we collectively just been lucky to that point? Unless you have an active attack taking place, you can argue that your efforts are enough. But when you only look at a single point in time, it is a challenge to show that you are making a difference and reducing risk.

Continue reading →

Analysis of 965 commercial codebases across 16 industries during 2024 by Black Duck Software finds 86 percent contain open source software vulnerabilities and 81 percent high- or critical-risk vulnerabilities.

Black Duck's Open Source Security and Risk Analysis (OSSRA) report also shows that the number of open source files in an average application has tripled from around 5,300 in 2020 to more than 16,000 in 2024.

Continue reading →

In the last few years, we have witnessed some of the most seismic changes to the IT security landscape -- from global pandemics and geopolitical issues to a global energy crisis, growing cybersecurity threats, multiple country elections, and subdued economic conditions. But regardless of stretched IT and cybersecurity budgets, and a significant IT skills shortage, threat actors continue to innovate as cyber threats evolve at breakneck speed. Organizations have no choice but to defend themselves.

Today, cyberattacks are increasingly targeting small to medium-sized enterprises (SMEs), according to JumpCloud’s latest Q3 2024 SME IT Trends Report. Forty-four percent of UK SMEs have been victims of cybersecurity attacks. Nearly two-thirds (60 percent) report multiple attacks in 2024. Smaller organizations often lack the manpower of larger corporations, with nearly half (48 percent) of UK survey respondents claiming that despite their best efforts, they lack the resources and staff to secure their organization against cybersecurity threats. This is compounded by a lack of access to skilled cybersecurity professionals, with many SMEs having IT teams consisting of only one or two people.

Continue reading →

A new study from managed detection and response specialist Critical Start shows concerns about unknown risks have increased 17 percent compared to last year, with 86 percent naming them as a top issue.

The research, conducted in partnership with Censuswide, finds 66 percent of businesses report limited visibility and insight into their cyber risk profiles and 65 percent of executives express concerns over misalignment between cybersecurity investments and the organization's risk reduction priorities.

Continue reading →

AI is exploding, particularly as large language models (LLMs) have infiltrated everyday life. Almost every new mainstream product seems to promote some usage of AI, and industry after industry is being transformed by its capabilities. But despite AI’s potential, some sectors have been slow to adopt it. Risk management is one of them. Fortunately, that is starting to change.

According to a 2023 Deloitte study, only 1.33 percent of insurance companies had invested in AI. Data from this year indicates a shift is underway. In Conning’s 2024 survey, 77 percent of respondents indicated that they are in some stage of adopting AI somewhere within their value chain. This may sound a bit nebulous -- some stage, somewhere -- but it represents a sizable jump from the 61 percent of respondents the prior year. Additionally, 67 percent of insurance companies disclosed they are currently piloting LLMs.

Continue reading →

Research released by KnowBe4 shows that 75 percent of security professionals have witnessed employees displaying risky security behaviors at work and 62 percent admit to risky behavior themselves.

Top risky things that cybersecurity pros admit to include using entertainment or streaming services (33 percent), using GenAI within the organization (31 percent), sharing personal information (14 percent), using gaming or gambling websites at work (10 percent) and using adult entertainment websites (two percent).

Continue reading →

A new study from cloud-based risk management platform AuditBoard finds 78 percent of organizations are tracking AI as an emerging risk while simultaneously adopting the technology themselves.

The report, based on a survey of over 400 security professionals in the US, finds more than half of enterprises surveyed report using AI to improve efficiency and enhance their digital risk posture.

Continue reading →

Two-thirds of organizations responding to a new survey list cyber risk concerns as the most important drivers for implementing a zero-trust strategy.

A new report from the Entrust Cybersecurity Institute, based on research by the Ponemon Institute, shows the pattern is even more pronounced in the US, with 50 percent of organizations citing cyber breach risk and 29 percent reporting the expanding attack surface for a combined total of 79 percent.

Continue reading →