Qualys has released The 2025 State of Cyber Risk Assessment Report, revealing that many organisations are still approaching cyber risk as a technical rather than a business problem.
The study, commissioned by Qualys and conducted by Dark Reading, draws on insights from over 100 IT and cybersecurity leaders across industries. It finds that although nearly half (49%) of organisations have a formal cyber risk program in place, the majority still rely heavily on manual processes, siloed security metrics and vulnerability severity alone to prioritise risks – often without factoring in asset value or business context.
“The research shows that the technical foundation for cyber-risk management exists – but what’s missing is strategic alignment between security operations and business priorities. Cybersecurity can no longer operate in isolation, yet many organisations continue to spread resources thinly across their attack surface without clearly understanding which risks actually matter to the business,” said Mayuresh Ektare, Vice President, Product Management, Enterprise TruRisk Management at Qualys.
“To close this gap, cybersecurity must evolve from an IT function to a…
