Managing cyber risks is getting harder


A new study reveals that that 90 percent of leaders find managing cyber risks harder today than they did five years ago, resulting in higher reports of burnout (47 percent), including more than one in ten who say they’re on the verge of quitting.
The report from Bitsight shows the leading causes of poor cyber risk management, and therefore burnout, include an explosion of AI (39 percent), and rapidly expanding attack surfaces (38 percent).
New tool helps organizations ignore CVEs


Ignoring vulnerabilities and exposures may not seem like a good idea, but conventional strategies rely heavily on vulnerability severity (CVSS) and exploitability indicators (EPSS), which ignore whether vulnerabilities are exploitable or already mitigated by existing defenses in a specific organization.
More than 40,000 new CVEs were disclosed in 2024, of which 61 percent were labeled as high or critical, but they won't all be a risk to every business. A new tool from Picus Security allows security teams to verify the exploitability of vulnerabilities and determine which pose real-world risks based on their unique environments.
Technology risks give compliance professionals sleepless nights


A newly released survey of US regulatory compliance professionals shows 63 percent say that technology-driven risk is the most significant market force likely to cause compliance issues for US financial services firms in 2025.
Other forces cited are global economic instability (58 percent), increasing regulatory complexity (48 percent), digital assets and crypto markets (37 percent each) and geopolitical instability (20 percent).
Enterprises change how they manage cyber risk


A new report from Zafran Security shows that enterprise risk management is shifting from volume to value, and from patching everything to fixing what matters most.
The study, carried out by Foundry MarketPulse, reveals that only one in 50,000 vulnerabilities actually pose a critical risk -- and the ones getting exploited the most are often old, quiet, and ignored.
The devices that are exposing enterprises to risk


The enterprise device landscape is becoming much more complex and more dangerous, with the average device risk per industry increasing by 15 percent year-on-year.
A new report from Forescout highlights that network-connected devices, from traditional IT operating systems to specialized healthcare systems and OT machinery, are exposing organizations to damaging threats such as ransomware attacks and data exfiltration.
Nearly half of organizations suffer third-party security incidents


New research finds that 47 percent of organizations have experienced a data breach or cyberattack over the past 12 months that involved a third-party accessing their network.
The study, carried out by the Ponemon Institute for Imprivata, also shows 64 percent of respondents believe these types of third-party data breaches will either increase or remain at alarmingly high levels over the next 12-24 months.
Enterprises under growing pressure to demonstrate readiness for cyber threats


A new study commissioned by Immersive Labs shows 96 percent of cyber leaders believe effectively communicating cyber-readiness to senior leadership and boards will be crucial in 2025, driven by regulatory compliance requirements and an increase in attacks.
The survey conducted by Sapio Research reveals that 49 percent of those surveyed report having experienced a cyberattack in the past year.
A third of companies don't know who is managing their AI risks


While 51 percent of organizations rely on their security teams to manage AI risks, 33 percent say that they either lack a dedicated role or are unsure who holds responsibility for AI risk management.
A new report from Wing Security and the Cloud Security Alliance also highlights that only 44 percent of organizations prioritize protecting all their sanctioned applications, while a mere 17 percent include unsanctioned ones as a priority.
Mitigating third-party risk in today's cyber ecosystem [Q&A]


As third-party risk continues to be a critical concern for enterprises, the need for effective risk management strategies has never been more pressing.
We spoke with Bob Maley, CISO of third-party risk management specialist Black Kite, to get his insights into effective strategies for managing this challenge along with the nuanced risks and necessary tactics to secure enterprise environments against sophisticated threats.
Google launches new AI risk assessment tool


Last year Google launched its Secure AI Framework (SAIF) to help people safely and responsibly deploy AI models.
Today it's adding to that with a new tool that can help others assess their security posture, apply these best practices, and put SAIF principles into action.
Cyberrisk quantification and how to measure it [Q&A]


Enterprises face an increasing range of cybersecurity risk, but quantifying and managing those risks can be a difficult task.
Recent Gartner research shows that more companies are trying to roll out cyber risk quantification (CRQ) in order to get a greater understanding of their risk profile.
Qualys launches cloud-based risk operations center


Organizations are facing an ever-growing volume of risk alerts spread across multiple, disconnected top-10 dashboards. This fragmented view can result in conflicting analyses, duplicate work, missed threats, and strategies that fail to fully protect the organization.
Cloud-based security firm Qualys is addressing this with the launch of a new Risk Operations Center (ROC) with Enterprise TruRisk Management (ETM) that enables CISOs and business leaders to manage cybersecurity risks in real time, transforming fragmented, siloed data into actionable insights that align cyber risk operations with business priorities.
Identity governance: Balancing cost reduction with effective risk management


Cost reduction is a top priority for many organizations, leading to the adoption of various technologies to automate tasks and improve efficiencies for cost savings. However, minimizing risk should also be a key objective for every business.
To achieve this, companies are looking into Identity Governance and Administration (IGA), which is a policy framework and security solution for automating the creation, management, and certification of user accounts, roles, and access rights. This ensures consistency, efficiency, and improved awareness, all of which are essential for reducing security risks. However, implementing IGA can often be seen as a laborious task that gets abandoned before the business experiences the benefits it has to offer.
Recovering from a data breach requires an effective cyber resilience strategy


The exposure of an organization's sensitive data or personal customer records can be detrimental to a company’s reputation. It may also result in severe financial implications due to regulatory fines and associated legal fees. Therefore, organizations must enhance their cybersecurity landscape as cybercrime and ransomware attacks increase exponentially.
This is supported by findings from the recent UK Cyber Security Breach Survey 2024, which states that 50 percent of UK businesses reported to have suffered a cyber-attack or breach in the last 12 months. Equally concerning is the global average cost of a breach which reached up to $4.45 million in 2023 according to Statista.
86 percent of security professionals view unknown risks as top concern


A new study from managed detection and response specialist Critical Start shows concerns about unknown risks have increased 17 percent compared to last year, with 86 percent naming them as a top issue.
The research, conducted in partnership with Censuswide, finds 66 percent of businesses report limited visibility and insight into their cyber risk profiles and 65 percent of executives express concerns over misalignment between cybersecurity investments and the organization's risk reduction priorities.
Recent Headlines
Most Commented Stories
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.
Regional iGaming Content
© 1998-2025 BetaNews, Inc. All Rights Reserved. About Us - Privacy Policy - Cookie Policy - Sitemap.