New findings reveal 90% of cyber leaders say risk management is harder than ever, with burnout rising and only 17% achieving full visibility into threats
Bitsight, the global leader in cyber risk intelligence, released its “State of Cyber Risk and Exposure 2025” report, revealing that organizations worldwide face unprecedented challenges in managing cyber risks. Based on a global survey of 1,000 cybersecurity and cyber risk leaders from companies with 500+ employees, the data highlights critical areas where organizations are struggling to effectively communicate risk.
According to the report, 90% of surveyed leaders find managing cyber risks harder today than five years ago, mainly due to the explosion of AI (39%) and rapidly expanding attack surfaces (38%). These evolving threats are also fueling high rates of burnout, with 47% of cybersecurity and cyber risk professionals reporting exhaustion.
Another key factor in the burnout crisis is the lack of threat visibility. Those who work at organizations with the tools to regularly map threats across their environments and contextualize them with multiple risk factors for full visibility โ a capability that just 17% have โ experience a significantly lower burnout rate of 44%. Those who don’t have a burnout rate of 63%.
Also Read:ย CIO Influence Interview with Dipto Chakravarty, Chief Product and Technology Officer at Black Duck
Key findings include:
- Cyber Programs Aren’t Keeping Up with Business Needs:ย Despite growing investment in cybersecurity, just 29% of organizations have a formal program that’s truly aligned with business objectives โ while 1 in 5 still admit their practices are “immature.”
- Monitoring Is a Top Priority, But Still Out of Reach:ย Security leaders overwhelmingly rank continuous monitoring as their number one priority, yet only 17% have the capability to do it โ leaving major gaps in threat detection, prioritization, and response.
- Third-Party Risk Is Monitored Sparingly, And At Great Cost:ย Nearly all organizations (99%) assess vendor risk, but only a third monitor those relationships over time. It’s a dangerous blind spot, consideringย 30% of breaches last year were tied to third parties, doubling from the previous year.
- Risk Communication Falters Without Full Visibility:ย Just 28% of organizations say they are “very effective” at communicating cyber risk to leadership. But those with strong asset visibility are 2.5 times more likely to get the message across to the board.
“As AI-automated threats accelerate, organizations are struggling with both the technical complexities of risk management and the critical need to align cybersecurity efforts with business priorities,” saidย Stephen Boyer, Chief Innovation Officer at Bitsight. “The data clearly show that continuous monitoring and comprehensive visibility into cyber risk intelligence are no longer optional โ they are foundational for effective risk management and communication, and for combating the increasing rates of burnout within security teams.”
The study emphasizes the urgent need for organizations to move beyond basic vulnerability management and embrace a data-centered, automated approach to cyber risk.
Also Read:ย Scott Holden Joins Vanta as Chief Marketing Officer
