Articles about Risk Management

A new study reveals that that 90 percent of leaders find managing cyber risks harder today than they did five years ago, resulting in higher reports of burnout (47 percent), including more than one in ten who say they’re on the verge of quitting.

The report from Bitsight shows the leading causes of poor cyber risk management, and therefore burnout, include an explosion of AI (39 percent), and rapidly expanding attack surfaces (38 percent).

Continue reading →

Ignoring vulnerabilities and exposures may not seem like a good idea, but conventional strategies rely heavily on vulnerability severity (CVSS) and exploitability indicators (EPSS), which ignore whether vulnerabilities are exploitable or already mitigated by existing defenses in a specific organization.

More than 40,000 new CVEs were disclosed in 2024, of which 61 percent were labeled as high or critical, but they won't all be a risk to every business. A new tool from Picus Security allows security teams to verify the exploitability of vulnerabilities and determine which pose real-world risks based on their unique environments.

Continue reading →

A newly released survey of US regulatory compliance professionals shows 63 percent say that technology-driven risk is the most significant market force likely to cause compliance issues for US financial services firms in 2025.

Other forces cited are global economic instability (58 percent), increasing regulatory complexity (48 percent), digital assets and crypto markets (37 percent each) and geopolitical instability (20 percent).

Continue reading →

A new report from Zafran Security shows that enterprise risk management is shifting from volume to value, and from patching everything to fixing what matters most.

The study, carried out by Foundry MarketPulse, reveals that only one in 50,000 vulnerabilities actually pose a critical risk -- and the ones getting exploited the most are often old, quiet, and ignored.

Continue reading →

The enterprise device landscape is becoming much more complex and more dangerous, with the average device risk per industry increasing by 15 percent year-on-year.

A new report from Forescout highlights that network-connected devices, from traditional IT operating systems to specialized healthcare systems and OT machinery, are exposing organizations to damaging threats such as ransomware attacks and data exfiltration.

Continue reading →

New research finds that 47 percent of organizations have experienced a data breach or cyberattack over the past 12 months that involved a third-party accessing their network.

The study, carried out by the Ponemon Institute for Imprivata, also shows 64 percent of respondents believe these types of third-party data breaches will either increase or remain at alarmingly high levels over the next 12-24 months.

Continue reading →

A new study commissioned by Immersive Labs shows 96 percent of cyber leaders believe effectively communicating cyber-readiness to senior leadership and boards will be crucial in 2025, driven by regulatory compliance requirements and an increase in attacks.

The survey conducted by Sapio Research reveals that 49 percent of those surveyed report having experienced a cyberattack in the past year.

Continue reading →

While 51 percent of organizations rely on their security teams to manage AI risks, 33 percent say that they either lack a dedicated role or are unsure who holds responsibility for AI risk management.

A new report from Wing Security and the Cloud Security Alliance also highlights that only 44 percent of organizations prioritize protecting all their sanctioned applications, while a mere 17 percent include unsanctioned ones as a priority.

Continue reading →

As third-party risk continues to be a critical concern for enterprises, the need for effective risk management strategies has never been more pressing.

We spoke with Bob Maley, CISO of third-party risk management specialist Black Kite, to get his insights into effective strategies for managing this challenge along with the nuanced risks and necessary tactics to secure enterprise environments against sophisticated threats.

Continue reading →

Last year Google launched its Secure AI Framework (SAIF) to help people safely and responsibly deploy AI models.

Today it's adding to that with a new tool that can help others assess their security posture, apply these best practices, and put SAIF principles into action.

Continue reading →

Enterprises face an increasing range of cybersecurity risk, but quantifying and managing those risks can be a difficult task.

Recent Gartner research shows that more companies are trying to roll out cyber risk quantification (CRQ) in order to get a greater understanding of their risk profile.

Continue reading →

Organizations are facing an ever-growing volume of risk alerts spread across multiple, disconnected top-10 dashboards. This fragmented view can result in conflicting analyses, duplicate work, missed threats, and strategies that fail to fully protect the organization.

Cloud-based security firm Qualys is addressing this with the launch of a new Risk Operations Center (ROC) with Enterprise TruRisk Management (ETM) that enables CISOs and business leaders to manage cybersecurity risks in real time, transforming fragmented, siloed data into actionable insights that align cyber risk operations with business priorities.

Continue reading →

Cost reduction is a top priority for many organizations, leading to the adoption of various technologies to automate tasks and improve efficiencies for cost savings. However, minimizing risk should also be a key objective for every business.

To achieve this, companies are looking into Identity Governance and Administration (IGA), which is a policy framework and security solution for automating the creation, management, and certification of user accounts, roles, and access rights. This ensures consistency, efficiency, and improved awareness, all of which are essential for reducing security risks. However, implementing IGA can often be seen as a laborious task that gets abandoned before the business experiences the benefits it has to offer.

Continue reading →

The exposure of an organization's sensitive data or personal customer records can be detrimental to a company’s reputation. It may also result in severe financial implications due to regulatory fines and associated legal fees. Therefore, organizations must enhance their cybersecurity landscape as cybercrime and ransomware attacks increase exponentially.

This is supported by findings from the recent UK Cyber Security Breach Survey 2024, which states that 50 percent of UK businesses reported to have suffered a cyber-attack or breach in the last 12 months. Equally concerning is the global average cost of a breach which reached up to $4.45 million in 2023 according to Statista.

Continue reading →

A new study from managed detection and response specialist Critical Start shows concerns about unknown risks have increased 17 percent compared to last year, with 86 percent naming them as a top issue.

The research, conducted in partnership with Censuswide, finds 66 percent of businesses report limited visibility and insight into their cyber risk profiles and 65 percent of executives express concerns over misalignment between cybersecurity investments and the organization's risk reduction priorities.

Continue reading →