The latest research on how organizations are closing the gap between assessment and action

How often are cyber risk assessments being conducted - and how effectively are they driving measurable risk reduction?

Derive’s Cyber Risk Management 2025 report surveyed 200 UK cybersecurity and risk professionals across organizations with 2,000–5,000+ employees to uncover how teams are responding to rising risk exposure, regulatory pressure, and operational complexity.

The findings reveal that while most organizations are highly active in assessing cyber risk, many still struggle to turn those assessments into meaningful, prioritized action. The result: too much effort, not enough measurable reduction in risk.

Key highlights

• 56% of organizations now perform cyber risk assessments weekly or more often

• 89% say peer comparisons shape their approach to cyber risk management

• 32% cite fragmented platforms as their biggest barrier to visibility and efficiency

• 100% report that cyber risk assessments influence budget decisions

• Yet only 21% say those results lead to clear prioritization of next steps

The full report explores how integrated, data-driven platforms help teams unify assessment, governance, and operations to deliver continuous visibility and measurable outcomes.

Get the full report

Fill out the form to download the Cyber Risk Management 2025: The Path to Effective Risk Prioritization