Qualys has released The 2025 State of Cyber Risk Assessment Report, revealing that many organisations are still approaching cyber risk as a technical rather than abusiness problem.
The study, commissioned by Qualys and conducted by Dark Reading, draws on insights from over 100 IT and cybersecurity leaders across industries. It finds that although nearly half (49%) of organisations have a formal cyber risk program in place, themajority still rely heavily on manual processes, siloed security metrics and vulnerabilityseverity alone to prioritise risks – often without factoring in asset value or businesscontext.
“The research shows that the technical foundation for cyber-risk management exists -but what’s missing is strategic alignment between security operations and businesspriorities. Cybersecurity can no longer operate in isolation, yet many organisationscontinue to spread resources thinly across their attack surface without clearlyunderstanding which risks actually matter to the business,” said Mayuresh Ektare, Vice President, Product Management, Enterprise TruRisk Management at Qualys.
“To close this gap, cybersecurity must evolve from an IT function to a…
