Cyber Risk Strategy

Cyber risk strategy

Q: Who sponsors cyber risk management strategy within your organisation

Figure 8: Who sponsor cyber risk management strategy within you organisation

The board, CEO and senior leadership group continue to take a leading role in the sponsorship and oversight of the organisations cyber risk strategy, but to a lesser extent than in the prior year. Respondents indicated an increased involvement from an officer outside of senior leadership, such as a CISO, which perhaps indicates the need to engage both strategic and technical stakeholders to manage cyber risk most effectively. From a regional perspective, both Latin America and the Middle East indicated a significantly higher involvement than average from the IT department in the oversight and sponsorship of cyber risk strategy.

Q: Who oversees the management of your organisation’s cyber risk strategy?

Cyber risk strategy

Figure 9: Who oversees the management of your organisation's cyber risk strategy?

Cyber risk strategy– by region

Q: Who sponsors cyber risk management strategy within your organisation?

Figure 10: Cyber risk strategy - by region

Cyber risk strategy – by revenue

Q. Who sponsors the management of your organisation’s cyber risk strategy?

Figure 11: Cyber risk strategy by revenue

Cyber risk strategy– by region

Q. Who oversees the management of your organisation’s cyber risk strategy?

Figure 12: By region

Cyber risk strategy– by revenue

Q. Who oversees the management of your organisation’s cyber risk strategy?

Figure 13: By company revenue

Cyber Risk Strategy

Figure 14: Over the course of the next 12 months, is your organisation’s cyber security budget likely to?

Figure 15: How often is your board updated on the state of cyber security and changes in the cyber threat landscape?

Respondents indicated that cyber security budgets will continue to increase in 2025 but to a lesser extent than 2024 (56% versus 63% respectively) with an increasing number of respondents indicating budgets will stay the same. Over half of respondents advised that the board is updated on the state of cybersecurity and changes in the cyber threat landscape at least quarterly.

Which risks are you most concerned about relative to your cyber exposure?

As a new question this year, we asked respondents to indicate which risks they are most concerned about relative to their cyber exposure. Phishing attacks/social engineering (54%), ransomware (46%) and weak cybersecurity systems and controls (32%) were ranked as the top 3. It was interesting to see that vulnerabilities in the supply chain were ranked as lower concerns (bearing in mind this currently a key is of cyber incidents and losses) as were AI and new technologies.

Which risks are you most concerned about relative to your cyber exposure?

Figure 17: Cyber risk exposure

Which risks are you most concerned about relative to your cyber exposure?

Figure 18: Cyber risk exposure