2025 State of Cyber Risk Management Report

The 2025 State of Cyber Risk Management Report is a comprehensive analysis that examines how organizations are adapting their cyber risk management (CRM) programs in response to evolving business, regulatory, and operational demands. It is based on a global survey of 402 cyber risk leaders and practitioners, providing a data-driven perspective on the practices and technologies shaping the future of CRM. The report outlines key findings, including the increasing importance of quantification and automation in CRM, the role of executive governance, and the integration of CRM with broader enterprise risk management. It also discusses the challenges organizations face, such as cultural resistance and gaps in governance. The report emphasizes that organizations with mature CRM programs are more proactive and aligned with business objectives, leading to improved risk reduction and optimized cybersecurity spending. Overall, the report reflects a maturing discipline that is evolving to meet the demands of the modern business landscape.