23-07-2025
Qualys Report Reveals Gaps in Cyber Risk Management
Qualys has revealed key findings from its 2025 State of Cyber-risk Assessment report, highlighting major gaps in cybersecurity risk management despite rising investments.
The research, conducted by Dark Reading and commissioned by Qualys, shows that most organizations still struggle with aligning cyber risk programs to business priorities. While 49% of surveyed organizations report having a formal cyber risk management program, only 18% use integrated risk scenarios that quantify business impact, including insurance risk transfer.
The report notes that 30% align risk programs with business objectives, while 43% of programs are less than two years old. An additional 19% are still in the planning stage.
Cybersecurity investments are growing, but 71% of organizations believe cyber risk levels are either increasing or unchanged:
- 51% report increasing cyber risk exposure
- 20% say risk remains steady
- Only 6% have seen a decrease
Asset visibility remains a key challenge. Although 83% perform regular inventories, only 13% do so continuously. Furthermore, 47% rely on manual processes, and 41% cite incomplete inventories as a top barrier.
Risk prioritization also lacks maturity. Only 68% use integrated risk scoring methods, while 19% still rely solely on CVSS scores. Just 18% update asset risk profiles monthly.
While 90% report cyber-risk findings to the board, only 14% include financial quantification, and just 22% involve finance teams. Business stakeholders are included less than half the time.
Mayuresh Ektare, Vice President of Product Management at Qualys, stated that current approaches fail to reduce cyber risk effectively. He emphasized adopting a Risk Operations Center (ROC) model that integrates vulnerability, asset, and threat data for a unified view.
The report recommends that organizations:
- Understand and prioritize risks based on business-critical assets
- Use diverse risk signals beyond vulnerability scans
- Transition from reactive incident response to proactive risk reduction
Ektare added that integrating business-impacting risk scenarios will lead to more effective board-level communication and better-informed decision-making.