Rapidly expanding attack surfaces are cited by 38% of cybersecurity and cyber risk leaders as a reason for increased difficulty in managing cyber risk today vs five years ago.
Bitsight, State of Cyber Risk and Exposure 2025 · Jul 29, 2025
Cyber risk, Risk management, Attack surface
Just 28% of organisations say they are "very effective" at communicating cyber risk to leadership.
Bitsight, State of Cyber Risk and Exposure 2025 · Jul 29, 2025
Cyber risk, Risk management, Communication
Cybersecurity and cyber risk leaders at organizations without full threat visibility have a burnout rate of 63%.
Bitsight, State of Cyber Risk and Exposure 2025 · Jul 29, 2025
Cyber risk, Risk management, Burnout
Organisations with strong asset visibility are 2.5 times more likely to communicate cyber risk effectively to the board.
Bitsight, State of Cyber Risk and Exposure 2025 · Jul 29, 2025
Nearly all organisations (99%) assess vendor risk.
Bitsight, State of Cyber Risk and Exposure 2025 · Jul 29, 2025
Cyber risk, Risk management, Vendor risk
Just 17% of organisations have tools to regularly map threats and contextualise them for full visibility.
Bitsight, State of Cyber Risk and Exposure 2025 · Jul 29, 2025
Cyber risk, Risk management, Tools, Threat mapping
Cybersecurity and cyber risk leaders at organizations with full threat visibility experience a significantly lower burnout rate of 44%.
Bitsight, State of Cyber Risk and Exposure 2025 · Jul 29, 2025
Cyber risk, Risk management, Burnout
Only 17% of organisations have the capability for continuous monitoring, despite it being a top priority.
Bitsight, State of Cyber Risk and Exposure 2025 · Jul 29, 2025
Cyber risk, Risk management, Continuous monitoring
Only a third of organisations monitor third-party relationships over time.
Bitsight, State of Cyber Risk and Exposure 2025 · Jul 29, 2025
Cyber risk, Risk management, Third-party
The percentage of breaches tied to third parties doubled from the previous year.
Bitsight, State of Cyber Risk and Exposure 2025 · Jul 29, 2025
Cyber risk, Risk management, Third-party, Data breach
90% of surveyed cybersecurity and cyber risk leaders find managing cyber risks harder today than five years ago.
Bitsight, State of Cyber Risk and Exposure 2025 · Jul 29, 2025
Cyber risk, Risk management
The explosion of AI is cited by 39% of cybersecurity and cyber risk leaders as a reason for increased difficulty in managing cyber risks today vs five years ago.
Bitsight, State of Cyber Risk and Exposure 2025 · Jul 29, 2025
Cyber risk, Risk management, AI
1 in 5 organisations still admit their cyber practices are "immature".
Bitsight, State of Cyber Risk and Exposure 2025 · Jul 29, 2025
Cyber risk, Risk management, Maturity
Just 29% of organisations have a formal cyber program that is truly aligned with business objectives.
Bitsight, State of Cyber Risk and Exposure 2025 · Jul 29, 2025
Cyber risk, Risk management
47% of cybersecurity and cyber risk professionals report exhaustion (burnout).
Bitsight, State of Cyber Risk and Exposure 2025 · Jul 29, 2025
Cyber risk, Risk management, Burnout
There was a 43% increase in data breach data shared on underground forums in 2024.
Bitsight, 2025 State of the Underground · May 7, 2025
Data breach, Sensitive information, Underground forums, Dark web
14.5 million compromised credit cards were listed on underground markets in 2024. This represents a 20% increase over 2023.
Bitsight, 2025 State of the Underground · May 7, 2025
Credit cards
There was a 25% increase in ransomware attacks in 2024.
Bitsight, 2025 State of the Underground · May 7, 2025
Ransomware
There was a 53% increase in the number of ransomware group leak sites in 2024.
Bitsight, 2025 State of the Underground · May 7, 2025
Ransomware, Leak site
Nearly 20% of data breach victims were U.S. organizations.
Bitsight, 2025 State of the Underground · May 7, 2025
Data breach, US
2.9 billion unique sets of compromised credentials were identified in 2024. This is an increase from 2.2 billion in 2023.
Bitsight, 2025 State of the Underground · May 7, 2025
Credentials
ByteDance Group (TikTok's parent company) is connected to 35.4% of the U.S. market.
Bitsight, Under the Surface: Uncovering Cyber Risk in the Global Supply Chain · Mar 17, 2025
Chinese state-linked entities, US
Providers outperform consumers in four of six security standards – including DMARC, SPF, DKIM, and DNSSEC.
Bitsight, Under the Surface: Uncovering Cyber Risk in the Global Supply Chain · Mar 17, 2025
Security standards, DMARC, SPF, DKIM, DNSSEC
Providers lag behind consumers in areas such as patch management, open ports, insecure systems, and botnet infections.
Bitsight, Under the Surface: Uncovering Cyber Risk in the Global Supply Chain · Mar 17, 2025
Patch management, Open ports, Botnet, System security
Technology providers use 2.5x more products than consumers.
Bitsight, Under the Surface: Uncovering Cyber Risk in the Global Supply Chain · Mar 17, 2025
Technology
Technology providers have 10x more internet-facing assets than consumers.
Bitsight, Under the Surface: Uncovering Cyber Risk in the Global Supply Chain · Mar 17, 2025
Internet-facing, Technology
One-third of the U.S. supply chain relies on software or services from companies formally designated by the Department of Defense as "Chinese Military Companies".
Bitsight, Under the Surface: Uncovering Cyber Risk in the Global Supply Chain · Mar 17, 2025
Chinese state-linked entities, Supply chain, US
Two-thirds of the U.S. supply chain depends on companies with at least expected ties to Chinese state-linked entities.
Bitsight, Under the Surface: Uncovering Cyber Risk in the Global Supply Chain · Mar 17, 2025