Articles about risk

A new study from managed detection and response specialist Critical Start shows concerns about unknown risks have increased 17 percent compared to last year, with 86 percent naming them as a top issue.

The research, conducted in partnership with Censuswide, finds 66 percent of businesses report limited visibility and insight into their cyber risk profiles and 65 percent of executives express concerns over misalignment between cybersecurity investments and the organization's risk reduction priorities.

Continue reading →

AI is exploding, particularly as large language models (LLMs) have infiltrated everyday life. Almost every new mainstream product seems to promote some usage of AI, and industry after industry is being transformed by its capabilities. But despite AI’s potential, some sectors have been slow to adopt it. Risk management is one of them. Fortunately, that is starting to change.

According to a 2023 Deloitte study, only 1.33 percent of insurance companies had invested in AI. Data from this year indicates a shift is underway. In Conning’s 2024 survey, 77 percent of respondents indicated that they are in some stage of adopting AI somewhere within their value chain. This may sound a bit nebulous -- some stage, somewhere -- but it represents a sizable jump from the 61 percent of respondents the prior year. Additionally, 67 percent of insurance companies disclosed they are currently piloting LLMs.

Continue reading →

Research released by KnowBe4 shows that 75 percent of security professionals have witnessed employees displaying risky security behaviors at work and 62 percent admit to risky behavior themselves.

Top risky things that cybersecurity pros admit to include using entertainment or streaming services (33 percent), using GenAI within the organization (31 percent), sharing personal information (14 percent), using gaming or gambling websites at work (10 percent) and using adult entertainment websites (two percent).

Continue reading →

A new study from cloud-based risk management platform AuditBoard finds 78 percent of organizations are tracking AI as an emerging risk while simultaneously adopting the technology themselves.

The report, based on a survey of over 400 security professionals in the US, finds more than half of enterprises surveyed report using AI to improve efficiency and enhance their digital risk posture.

Continue reading →

Two-thirds of organizations responding to a new survey list cyber risk concerns as the most important drivers for implementing a zero-trust strategy.

A new report from the Entrust Cybersecurity Institute, based on research by the Ponemon Institute, shows the pattern is even more pronounced in the US, with 50 percent of organizations citing cyber breach risk and 29 percent reporting the expanding attack surface for a combined total of 79 percent.

Continue reading →

New analysis from MixMode.ai reveals the countries with the highest and lowest risk for cyber threats worldwide in 2024, with the US ranking 9th overall among countries with the lowest risk.

The analysis is based on a comprehensive dataset encompassing various indices, including the National Cyber Security Index, Cybersecurity Exposure Index, Global Cybersecurity Index, Cyber Resilience Index, and the Final Cyber Safety Score to give each of 70 countries a score out of 100.

Continue reading →

A new report finds that 85 percent of executives surveyed believe computing innovation is
increasing risk.

The report from LevelBlue also shows 74 percent think the opportunity of computing innovation outweighs the corresponding increase in cybersecurity risk -- making cyber resilience nearly impossible to achieve.

Continue reading →

Security vulnerabilities often lurk undetected within organizations, a consequence of gaps in traditional security assessments. These gaps can arise from missed systems during scans or the use of improper scanning techniques or technologies for specific systems.

To effectively manage risk, organizations need a comprehensive understanding of their security posture across the entire technology stack. This is where continuous risk assessment comes in -- it provides enhanced visibility, pinpointing vulnerabilities that periodic audits might miss and highlighting the limitations of traditional methods.

Continue reading →

Human factors, including lack of awareness, training and inconsistent policy adherence, are getting in the way of cybersecurity for smaller businesses.

A new survey of more than 600 business and IT security managers conducted by LastPass and survey research firm InnovateMR shows that cyberattacks targeting smaller organizations have increased significantly in recent years, as cyber criminals have learned these organizations are relatively easy targets.

Continue reading →

The critical national infrastructure that underpins the UK has undergone a tremendous amount of digital transformation in recent years. Areas like water treatment, energy and food production are still heavily reliant on operational technology (OT) systems that were often designed and implemented long before the digital revolution.

Digitizing these systems and connecting them to standard IT networks has allowed operators to boost efficiency and bring in practices like remote working and data collection that weren’t possible in an analogue environment.

Continue reading →

A new study from Barracuda Networks finds just 43 percent of organizations surveyed have confidence in their ability to address cyber risk, vulnerabilities, and attacks.

The findings also show that many organizations find it hard to implement company-wide security policies such as authentication measures and access controls. 49 percent of the smaller to mid-sized companies surveyed listed this as one of their top two governance challenges.

Continue reading →

In today's digital landscape, where data is omnipresent across various platforms and devices, maintaining efficient backup processes has become increasingly critical. Yet, despite the inherent risks, a surprising number of organizations continue to deploy their infrastructure without adequate backup measures in place.

According to a poll conducted among IT professionals, only a mere 25 percent of them adhere to industry best practices concerning data backup, creating potentially dangerous data gaps in production and employee risk management. Initially enticed by the allure of cost-saving, many companies overlook the necessity of investing in backup solutions, only to face dire consequences in the long run.

Continue reading →

According to a new study, 89 percent of cybersecurity professionals agree that their company's sensitive data is increasingly vulnerable to new AI technologies.

The study of 700 respondents across cybersecurity roles, conducted by Vanson Bourne for Code42, also finds that 87 percent are concerned their employees may inadvertently expose sensitive data to competitors by inputting it into GenAI. In addition 87 percent are concerned their employees are not following their GenAI policy.

Continue reading →

An overwhelming majority of global organizations admit they are ill-prepared to handle the steady increase in insider threat activity, according to new research conducted by Cybersecurity Insiders and announced today by Securonix.

While 76 percent of organizations have detected increased insider threat activity over the past five years, less than 30 percent believe they are equipped with the right tools to handle them.

Continue reading →

Today’s complicated threat landscape leaves security teams grappling with new challenges on a scale never seen. Threat actors are more organized and efficient, leveraging a vast ecosystem of tools and services that cater to experts and beginners alike. In early March, the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory warning of the resurgence of Royal ransomware with new compromise and encryption tactics used to target specific industries, including critical infrastructure, healthcare and education.

Cyberattacks are only increasing and growing more destructive, targeting supply chains, third-party software, and operational technology (OT). Gartner predicts that by 2025, threat actors will weaponize OT environments successfully to cause human casualties. This is happening at a time of increased technology adoption led by accelerated digital transformation efforts, hybrid work and the Industrial Internet of Things (IoT) boom, leaving security teams to manage an evolving and growing attack surface and multiplying vulnerabilities.

Continue reading →