Future Cybersecurity Threat Landscape: Business Insight Demanded in 2025
In the ever-evolving landscape of cybersecurity, a modern Risk Operations Centre (ROC) model is revolutionising the way organisations approach cyber risk. This innovative approach unifies detection, assessment, and mitigation under a common business-risk framework.
According to the Qualys-Dark Reading Research Report, based on research with over 100 IT and cybersecurity leaders across industries, nearly half (49%) of organisations have a formal cyber risk program in place. However, only 30% prioritise their risk management programs based on business objectives. This indicates a gap in aligning cybersecurity strategies with organisational goals.
One of the key features of a modern ROC model is the continuous tracking of cyber risk, a departure from the traditional quarterly approach. This real-time monitoring allows for swift responses to emerging threats.
Interestingly, 43% of existing programs have been in place for less than two years, and an additional 19% are still in the planning phase. This suggests a growing emphasis on cybersecurity within organisations, with many still in the process of developing and implementing their programs.
Business stakeholders are involved less than half the time (43%) in cyber risk discussions, highlighting a need for greater collaboration between IT and business teams. Similarly, only 22% include finance teams in these discussions, and just 14% tie risk reports to financial quantification.
Despite increased investments, a vast majority (71%) of organisations believe that their cyber risk levels are rising or holding steady. This could be because many organisations still approach cyber risk as a technical problem, not a business one. Asset visibility remains one of the biggest blind spots, with only 13% of organisations able to perform continuous asset inventories.
To address this, organisations must understand the business role of the assets they inventory. This includes recognising which applications support revenue-generating services and which systems handle sensitive customer data.
Risk prioritisation needs to go beyond single scoring methods like CVSS: 68% of respondents use integrated risk scoring or cyber risk quantification with forecasted loss estimates. This approach provides a more holistic view of risk, taking into account the potential impact on the business.
In a modern ROC model, vulnerabilities are scored based on their impact on the business. Just 19% of organisations continue to rank vulnerabilities using a single score like CVSS alone.
Finally, only 18% of organisations use integrated risk scenarios in their reporting, and just 18% update asset risk profiles monthly. This underscores the need for more frequent risk assessments and the use of integrated risk scenarios to provide a comprehensive view of potential threats.
In conclusion, the modern ROC model offers a promising approach to cyber risk management, emphasising continuous tracking, business-aligned risk prioritisation, and quantified outcomes. As organisations continue to grapple with the growing threat of cyber attacks, adopting such a model could prove to be a crucial step in managing and mitigating these risks.