Ransomware is a predicted threat in 2025. This is especially concerning given that 38% of security experts say ransomware is even more dangerous when equipped with AI.
Only 29% of security experts say they are very well prepared for ransomware attacks compared to threat levels leave a big gap in preparation (29%), highlighting the need for stronger security measures.
Strong understanding of exposure management among security leaders
A more sophisticated and adaptive approach to cybersecurity is needed. This takes into account the trade-off between business risk and reward, rather than focusing solely on absolute protection. Exposure management provides a more effective solution for managing and mitigating risks in this complex environment.
Ivanti’s research shows that the concept of exposure management is well understood. For example, 49% of security experts say that company leaders have a high level of understanding for exposure management. However, organizations have not taken steps to embrace practice. Only 22% say they are seeing an increase in exposure management investment in 2025.
Most organizations continue to operate their business when it comes to breaking data and organizational silos. 88% of security experts report important data blind spots. This is an area of ​​insufficient data to make informed security decisions, such as Shadow IT, patch compliance, vendor risk management information, and dependency mapping.
44% say they struggle to manage security risks due to challenging security/IT relationships. 40% say IT, and security teams use branching tools for the same activity.
While 52% of security experts rated API and software vulnerabilities as high as critical to high threats, many organizations lack visibility into these risks.
“Business leaders need to be used to consider the impact of cyber risk on broader business risks. Exposure management is a tool for organizations to assess vulnerabilities and risks in a variety of goals, including business goals, in order to intentionally balance security and operations. “However, for successful exposure management, organizations must ensure security and collaboration with other departments, conduct risk assessments that are consistent with the organization’s risk appetite, and prioritize mitigating the most impactful vulnerabilities.”
Addressing technical debt concerns
While 83% of security teams claim they have a documented framework for identifying risk tolerance, 51% of these individuals say that the current framework is not closely followed, and it is not as effective as they have no framework at all.
Among security and leadership experts, a third says that technology debt is a serious concern.
For example, 37% say they cannot maintain basic security practices, while 43% say they are susceptible to security breaches due to accumulation of technical debt. Of those who name technology debt as “very serious” concerns within the organization, 71% reported slowing growth. 43% say that technology debt slows innovation.
Organizations are increasingly focusing on CISOs for strategic business advice, including guidance on AI adoption and supply chain risk management. And the board is becoming more and more involved.
The study shows that cybersecurity is already a topic at the board level. 89% say cyber risk is being discussed at the board level, while 88% have CISOs invited to high-level strategic meetings on business decision-making, organizational planning and more.
Still, many CISOs operate primarily on the risk of downtime rather than looking at the big picture.
