28% of cybersecurity professionals in North America and Europe at companies with at least 1,000 employees believe they can prevent a rogue AI agent from causing damage (2026).

75% of organizations globally express high confidence in their overall cyber risk management strategies.

97% of CISOs agree that hybrid infrastructure provides greater resilience and risk management capabilities than relying solely on cloud or on-premises environments.

49% of IT leaders cited cybersecurity threats as the biggest disruptor in 2026.

Malicious insiders accounted for incidents at 36% of organizations.

90% of organizations experienced incidents caused by employee mistakes.

72% of cybersecurity professionals agree that reducing security personnel significantly increases the risk of a breach in their organizations.

13% of IT leaders globally consider their organization's management of shadow AI risks as 'highly effective'.

9% of IT leaders globally believe their organization has a 'highly effective' defense against AI-generated cyber threats.

66% of risk leaders stated they have reviewed and updated their IT and cyber risk management strategy in response to major disruptions such as the Crowdstrike outage or MOVEit breach

Only 10% of leaders expressed a lack of confidence in their risk management data in 2025, down from 16% in 2024, reflecting a six-point improvement in trust towards risk data.

In 2025, 40% of companies reported that they mostly or only use spreadsheets to manage risk, a decrease from 53% in 2024, indicating a significant shift towards software use in risk management.

In 2024, 62% of companies were using or planned to use AI for risk management, which is projected to rise to 70% by 2025, reflecting a significant increase in AI adoption.

Thirty-nine percent of companies are not conducting worst-case scenario simulations, highlighting a critical gap in risk management practices that needs to be addressed.

60% of companies globally now have a chief risk officer as of 2024, an increase from 52% over the past two years, indicating a growing recognition of risk management as a priority.

45% of elements involved in risk analysis are related to use of cloud computing.

38% of elements involved in risk analysis are related to data ownership.

16% of risks identified through analysis are viewed as organizational concerns.

44% of elements involved in risk analysis are related to operational technology (OT).

56% of companies surveyed say that they are using a formal risk management framework.