GuidePoint Security and FAIR Institute Release State of Cyber Risk Management Report
June 27, 2025 – Published on VMblog
The FAIR Institute released its 2025 State of Cyber Risk Management Report, revealing an ongoing shift in how leading organizations manage digital risk. Sponsored by GuidePoint Security and SAFE and based on insights from 402 cyber risk leaders from around the globe, the report shows that cyber risk management (CRM) has evolved from a siloed compliance function into a strategic discipline that informs executive decision-making.
“The way we manage cybersecurity and technology risk is increasingly quantified, data-driven, and aligned to business outcomes and value,” said John Sapp, CISO, Texas Mutual Insurance Company and FAIR Institute Board Member. “This report confirms what many of us have felt, that our risk management efforts are no longer constrained to regulations and standards and that we have the power to create risk-weighted returns for our businesses.”
Key findings include:
- CRM is fueling business outcomes. High-maturity organizations report improved credibility, better alignment, optimized cybersecurity spending, measurable risk reduction, and a more proactive cybersecurity posture.
- Technology-focused C-suite decision makers benefit most. In particular, CTOs, CIOs, CISOs, and Chief Risk Officers are the primary consumers of cyber risk information, utilizing it to inform their strategy, investments, and resource allocation.
- Quantification has gone mainstream. Nearly half of the respondents use or plan to adopt the Factor Analysis of Information Risk (FAIR) model for financially driven risk analysis.
- Automation, AI, and data are foundational. Seven in ten respondents have automated most or all of their CRM processes; nearly half are using AI to scale and mature their programs; and a strong majority integrate operational data into their risk systems.