New research from Qualys reveals that many organisations are still treating cyber risk primarily as a technical issue despite growing pressures to align cybersecurity with overarching business priorities.
The 2025 State of Cyber Risk Assessment Report, conducted by Dark Reading and commissioned by Qualys, surveyed more than 100 IT and cybersecurity leaders across a range of industries. The findings indicate that although almost half of organisations (49%) have implemented a formal cyber risk programme, most still depend on manual processes and isolated metrics, often prioritising vulnerabilities solely by severity without considering the associated asset value or wider business context.
Mayuresh Ektare, Vice President, Product Management, Enterprise TruRisk Management at Qualys, commented on the report’s findings:
The research shows that the technical foundation for cyber-risk management exists – but what’s missing is strategic alignment between security operations and business priorities. Cybersecurity can no longer operate in isolation, yet many organisations continue to spread resources thinly across their attack surface without clearly understanding which risks…
