Organisations worldwide are being faced with unprecedented challenges in managing cyber risks with many struggling to effectively communicate risk, according to a report by cyber risk specialist Bitsight.

Based on a global survey of 1,000 cybersecurity professionals, the State of Cyber Risk and Exposure 2025 report, revealing that found that 90% of surveyed leaders find managing cyber risks harder today than five years ago, mainly due to the explosion of AI (39%) and rapidly expanding attack routes (38%). These evolving threats are also fuelling high rates of burnout, with 47% of cybersecurity and cyber risk professionals reporting exhaustion.

It suggests another key factor in the burnout crisis is the lack of threat visibility. Those who work at organisations with the tools to regularly map threats across their environments and contextualise them with multiple risk factors for full visibility – a capability that just 17% have – experience a significantly lower burnout rate of 44%. Those who do not have this capability have a burnout rate of 63%.

The report also found that despite growing investment in cybersecurity, just 29% of organisations have a formal program that is fully aligned with business objectives, while 1 in 5 still admit their practices are ‘immature’. Security leaders overwhelmingly rank continuous monitoring as their number one priority, yet only 17% have the capability to do it, leaving major gaps in threat detection, prioritisation, and response.

While nearly all organisations (99%) assess vendor risk, the survey found that only a third monitor those relationships over time. Bitsight warns that this is a dangerous blind spot, considering that a recent report from Verizon found that 30% of breaches last year were tied to third parties, doubling from the previous year.

Stephen Boyer, chief innovation officer at Bitsight, said: “As AI-automated threats accelerate, organisations are struggling with both the technical complexities of risk management and the critical need to align cybersecurity efforts with business priorities. The data clearly show that continuous monitoring and comprehensive visibility into cyber risk intelligence are no longer optional – they are foundational for effective risk management and communication, and for combating the increasing rates of burnout within security teams.”

---