Cyber risk on the rise: Why companies fail despite budgets

Study shows: Despite high investments in cybersecurity, the risk remains unchanged. Companies need to rethink their approach.


Today's businesses face an ever-increasing threat from cyber risks. Despite increased investments in cybersecurity, studies show that many organizations are still underprepared for these risks. Recent research from Qualys and Dark Reading, presented as part of the State of Cyber Risk 2025 study, reveals alarming trends that call for a transformation in the approach to cybersecurity.

The majority of the 100+ IT and security leaders surveyed report that their cyber risks are either increasing or remaining unchanged. What's particularly concerning is that only 49% of organizations have a formalized cyber risk program, of which only 30% prioritize risks based on business objectives. This means that a significant proportion of companies are unable to effectively adapt their security strategies to the real business context.

Lack of business focus

The main problem highlighted by the study authors is the lack of business context in cybersecurity. Companies tend to view security primarily as a cost factor without considering the business impact. The responses of those surveyed make it clear that only 14% are able to link their cyber risk reports to financial key figures. A clear communication gap between security and finance teams stands in the way of effective risk management.

Furthermore, most organizations fail to continually inventory their assets. Only 13% use automated processes, while 47% use manual methods. In this context, clear traceability of cyber risks and their effects is essential. Organizations must strategically rethink their security investments and move from a technical focus to a business-relevant approach to ensure effective risk management.

Strategic approaches to risk reduction

To meet this challenge, Qualys presents the concept of the “Risk Operations Center” (ROC) as a promising solution. This model aims to translate technical information into business-relevant metrics that help management make informed decisions. Companies that implement the ROC model could significantly improve their risk assessment and mitigation strategies.

Additionally, a report from Aon highlights the importance of a strategic approach to cybersecurity. Companies are under pressure to manage their cyber risks through a comprehensive analysis of the threat landscape and their own business model. A systematic framework such as the “Return on Security Investment” (ROSI) enables organizations to evaluate their security investments according to clear criteria and to conduct financial discussions on a solid basis of data.

Five steps to implementing ROSI

To successfully implement the ROSI framework, companies should consider the following steps:

  • Understand the business model better.
  • Identify key resources.
  • Establish fundamentals such as endpoint protection.
  • Develop a scenario plan.
  • Quantify risks and identify the corresponding controls.

Additionally, it is crucial that companies develop concrete answers to key questions about their cyber risk management in order to build an effective security strategy. A data-driven approach ultimately leads to better results in cyber defense and significantly increases the resilience of organizations against cyber threats.

Given the dramatic developments, it is essential for companies today to ensure that their cybersecurity strategies are not only technically sound but also strongly aligned with business objectives. Effectively connecting cybersecurity and business growth could be the key to mitigating current cyber risks.

For more information, readers can view the detailed reports at datensicherheit.de and Aon.