Key Insights from the 2025 Global Cyber, D&O Survey
The 2025 Global Cyber, Directors and Officers Survey findings offer a detailed examination of the current landscape of cyber risk management and insurance practices across various organisations globally.
The key findings of the survey are as follows:
01
The most concerning cyber risks identified are phishing attacks and social engineering (27.21%), followed by ransomware (16.73%) and weak cybersecurity systems and controls (9.8%). These concerns are consistent across different regions.
02
Most organisations report feeling well-prepared to manage cyber incidents, with notable regional variations. For instance, 62.73% of organisations in Latin America and 67.95% in North America feel well-prepared.
03
The board or CEO is the primary sponsor of cyber risk management strategies, with 35.93% of organisations reporting this. Additionally, a senior leadership group and the IT department play crucial roles, with 26.5% and 20.22% of organizations, respectively, indicating their involvement.
04
Organisations are divided in how they allocate their cyber insurance premiums. Specifically, 44% include the premium as part of their cyber security budget, while 56% allocate it separately.
These findings underscore the growing importance of robust cyber risk management strategies and the need for continued investment in cybersecurity measures to address evolving threats.
Keep an eye out for our upcoming Cyber in Focus report where we delve into perception versus reality. Our specialists compare, contrast and comment on what you are voting to be the most significant risks versus what we are seeing from a claims point of view. The findings are truly interesting, and we cannot wait to share them with you.
We hope you enjoy exploring the findings from our latest Global Directors’ and Officers’ Survey, Cyber 2025.
Key recommendations from the Cyber Directors’ and Officers’ Survey Findings:
Ensure that your organisation has a comprehensive and well-documented plan to manage cyber incidents. This plan should include clear roles and responsibilities, communication protocols, and steps to mitigate and recover from cyber-attacks.
By implementing these recommendations, organizations can enhance their cyber resilience and better protect themselves against evolving cyber threats.
Cyber risk governance consulting
Tailored consulting services to help organizations establish robust cyber risk governance frameworks and enhance board oversight.
Incident response planning
Comprehensive support in developing and testing incident response plans to minimize the impact of cyber incidents.
