BitSight Reveals Critical Gaps & New Cybersecurity Priorities For Organisations

According to a new report from BitSight, cybersecurity has solidified its presence as a critical issue on the boardroom agenda.

The report, titled 2025 State of Cyber Risk and Exposure, draws on a survey of 1,000 IT security leaders across six countries. It reveals that 9% of board meeting time is now dedicated to technology-related risks and opportunities, close to the share spent on external global risks (10%), though still well behind traditional oversight (58%).

Yet, while the issue commands attention, there remains a disconnect between the language of cyber risk professionals and the needs of executive stakeholders.

A key concern is the tendency for security teams to present overly technical data, which dilutes the impact of their messaging in a setting where time is both finite and highly contested.

Poor Visibility: The Silent Killer of Risk Communication

BitSight’s report highlights poor security visibility as a silent but powerful barrier to effective cyber risk communication - especially for those already struggling to engage the board. While only third on the list of reported challenges, cited by 32% of respondents, BitSight argues that it is, in fact, the most critical issue.

Why? Because it’s within the control of risk managers. The tools, telemetry, and intelligence systems organisations deploy directly affect their ability to monitor and interpret cyber threats. When visibility is lacking, even the most well-intentioned communication efforts will fail to provide the board with clarity or confidence.

Visibility Is The Key To Better Board Communication

The findings show a clear correlation between visibility and communication success. Organisations that continuously monitor cyber risk and contextualise findings within the business environment are **2.5 times more likely** to report effective communication with their board. Among those with high visibility, **72%** report excellence in communication, compared to just 28% overall.

This trend is particularly significant in the wake of evolving regulatory demands and increasing scrutiny from insurers and investors, all of whom are demanding more sophisticated, timely, and transparent reporting.

A Critical Inflection Point For Cybersecurity Strategy

The 2025 report’s central message is clear: cybersecurity has reached a critical juncture. AI-driven threats, rapid digitisation, and expanding attack surfaces demand a fundamental shift in how organisations understand and manage cyber risk. Data alone is no longer enough; cyber risk intelligence is what matters now.

BitSight urges organisations to go beyond simple telemetry and instead focus on *interpreting* the data—aligning it with business objectives, threat landscapes, and operational realities to enable meaningful, strategic action.

Building The Foundation: Asset Discovery & Continuous Monitoring

BitSight identifies comprehensive asset discovery and continuous monitoring as foundational pillars of cyber maturity. Organisations that achieve high levels of asset visibility are far more likely to communicate effectively at the board level.

However, the survey reveals a concerning gap: **fewer than one in five organisations** actively map threats across their environment and correlate them with diverse risk factors. This indicates a widespread lack of mature, automated asset management processes.

Without this foundation, organisations are effectively flying blind - leaving themselves exposed not just to cyber attacks, but also to reputational and regulatory fallout from ineffective governance.

Enriching Security Data With Business Context

The report also stresses the importance of **contextualising security data**. Raw metrics and technical findings must be transformed into actionable insights that align with business goals and the real-world threat landscape.

Shockingly, only 29% of organisations have a formal cyber risk programme that is well-aligned with their business objectives. Even fewer - just 17% - can reliably map threats to specific assets.

This lack of integration between security and business strategy continues to undermine risk prioritisation efforts, leading to wasted resources and undetected vulnerabilities.
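What "mapping threats to assets" and "contextualising security data" look like in practice is worth making concrete. The following is an added illustration, not code from the BitSight report or its authors: it joins raw scanner findings to an asset inventory carrying business context (owner, criticality, internet exposure) and derives both a business-weighted priority order and the coverage figure a board can act on. The inventory, the findings, the finding identifiers and the weighting factors are all constructed assumptions for the example; a real programme would take them from its discovery tooling and its own risk appetite.

```python
"""Join raw findings to an asset inventory plus business context.

Added example (not from the BitSight report). All data and weights below
are constructed for illustration. Two points it demonstrates:
  1. raw severity alone mis-orders work; criticality and exposure fix that;
  2. a finding on a host missing from the inventory is a visibility gap
     and must be surfaced, not silently dropped.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed asset inventory: the output asset discovery should produce.
# criticality is 1 (low) to 5 (crown jewel); owner is the accountable team.
ASSETS = {
    "web-01":  {"owner": "payments", "criticality": 5, "internet_facing": True},
    "db-01":   {"owner": "payments", "criticality": 5, "internet_facing": False},
    "kiosk-7": {"owner": "retail",   "criticality": 2, "internet_facing": False},
}

# Constructed findings, shaped like a scanner export. "shadow-3" is not in
# the inventory: an unmanaged host, exactly the gap the report warns about.
FINDINGS = [
    {"finding_id": "F-001", "host": "web-01",   "cvss": 9.8, "exploited_in_wild": True},
    {"finding_id": "F-002", "host": "db-01",    "cvss": 7.5, "exploited_in_wild": False},
    {"finding_id": "F-003", "host": "kiosk-7",  "cvss": 9.1, "exploited_in_wild": False},
    {"finding_id": "F-004", "host": "shadow-3", "cvss": 8.0, "exploited_in_wild": True},
]

# Assumed weighting factors; tune to the organisation's risk appetite.
EXPOSURE_FACTOR = 1.5    # internet-facing asset
EXPLOITED_FACTOR = 1.5   # exploitation observed in the wild
MAX_WEIGHT = EXPOSURE_FACTOR * EXPLOITED_FACTOR  # normalises score to 0..100


@dataclass
class ScoredFinding:
    finding_id: str
    host: str
    owner: Optional[str]
    score: float        # 0..100, business-contextualised
    raw_cvss: float     # kept so the two orderings can be compared


def contextual_score(finding: dict, asset: dict) -> float:
    """Severity weighted by business criticality, exposure and exploitation."""
    base = finding["cvss"] / 10.0
    crit = asset["criticality"] / 5.0
    exposure = EXPOSURE_FACTOR if asset["internet_facing"] else 1.0
    exploited = EXPLOITED_FACTOR if finding["exploited_in_wild"] else 1.0
    return round(base * crit * exposure * exploited / MAX_WEIGHT * 100, 1)


def prioritise(findings: list, assets: dict):
    """Return (scored findings, highest first) and (findings on unknown hosts)."""
    scored, unmapped = [], []
    for f in findings:
        asset = assets.get(f["host"])
        if asset is None:
            unmapped.append(f)      # visibility gap: report it, never drop it
            continue
        scored.append(ScoredFinding(f["finding_id"], f["host"], asset["owner"],
                                    contextual_score(f, asset), f["cvss"]))
    scored.sort(key=lambda s: s.score, reverse=True)
    return scored, unmapped


def board_summary(scored: list, unmapped: list, total_findings: int) -> dict:
    """The few numbers a board meeting has time for."""
    top_by_owner = {}
    for s in scored:
        top_by_owner[s.owner] = max(top_by_owner.get(s.owner, 0.0), s.score)
    return {
        "findings_mapped_to_assets_pct": round(100 * len(scored) / total_findings, 1),
        "unmapped_hosts": sorted({f["host"] for f in unmapped}),
        "top_risk_by_owner": top_by_owner,
        "top_finding": scored[0].finding_id if scored else None,
    }


if __name__ == "__main__":
    ranked, gaps = prioritise(FINDINGS, ASSETS)
    for s in ranked:
        print(f"{s.finding_id} {s.host:8} owner={s.owner:8} "
              f"cvss={s.raw_cvss} context_score={s.score}")
    print(board_summary(ranked, gaps, len(FINDINGS)))
```

Run stand-alone, the output shows the point of the section: by raw CVSS the retail kiosk (9.1) outranks the payments database (7.5), but once criticality is applied the database comes first, and the unmanaged host is reported as a coverage gap rather than disappearing from the list.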

Supply Chain Blind Spots Threaten Exposure Management

BitSight draws attention to an often-overlooked issue: the digital supply chain. Although most organisations assess third-party vendors for cyber risk, only about one-third engage in continuous monitoring of those relationships.

This represents a major exposure area. Mature organisations with well-aligned cyber risk programmes are 4.5 times more likely to maintain continuous oversight of third-party networks—underscoring the importance of extending visibility beyond internal infrastructure.

As attacks increasingly propagate through indirect channels - via suppliers, vendors, and partners - failing to monitor these relationships in real time is a critical oversight.

Communication Is The Endgame

At the heart of all of BitSight’s recommendations lies a simple truth: effective cyber risk communication is the ultimate goal. Boards, insurers, and regulators are demanding clearer, more contextualised insights - especially as regulatory frameworks become more prescriptive.

Those organisations that invest in visibility, intelligence, and business-aligned strategies are not just more secure - they’re also better equipped to justify their security investments and meet evolving external demands.

The report warns that failing to evolve in this direction leaves organisations vulnerable on multiple fronts: operational, reputational, and financial.

Turning Insight Into Action

As cybersecurity threats continue to escalate in scope and sophistication, BitSight’s 2025 report serves as both a warning and a guide. Visibility, context, and communication are no longer optional—they are **non-negotiable components** of effective cyber risk management.

Organisations that heed this call will not only improve their defensive posture but also enhance trust with their stakeholders, drive accountability, and demonstrate resilience in a rapidly evolving digital world.

BitSight’s message is clear. It’s time to turn data into intelligence - and intelligence into action.
