#Israel #Cybersecurity #Herzliya #CYE #Hyver

CYE's 2025 Cybersecurity Maturity Report: Investment Alone Is Not Enough

CYE, a premier player in cyber exposure management, has recently published its 2025 Cybersecurity Maturity Report, providing a deep dive into the state of cybersecurity across various industries and countries. This report was based on detailed analysis and data retrieved from CYE's SaaS platform, Hyver, and encompasses assessments conducted in 17 countries and 15 industries. The findings outlined in this report are critical for organizations as they assess and develop their cyber resilience strategies.

Key Observations from the Report

As organizations prepare for a projected 15% spike in cybersecurity spending in 2025—increasing from $183.9 billion in 2024 to $212 billion—CYE's findings suggest that simply boosting budgets might not resolve the complexities associated with cybersecurity. This dilemma becomes clearer as organizations grapple with the increasing intricacies of risk management, technological advancements like GenAI, and burgeoning threats from agile, well-funded cyber adversaries.

The Disconnect Between Spending and Safety

One of the report's primary conclusions is that many organizations lack a comprehensive understanding of their digital asset landscape. According to Vanta, over 75% of companies report inadequate visibility into their IT resources, which in turn elevates their security risks. This alarming trend highlights that increased investment without strategic insight does not necessarily translate into improved security outcomes.

Not All Budgets Are Created Equal

Interestingly, countries such as Japan and Norway have outperformed larger nations like the US and the UK in terms of cyber readiness. This demonstrates that a well-coordinated approach to national cybersecurity strategies can achieve better incident response results, despite the inequalities in budget size.

Addressing Fundamental Issues in Cyber Hygiene

The report emphasizes that many organizations are still struggling with basic cybersecurity hygiene. Key issues such as weak password policies and outdated systems have been highlighted, with research indicating that around 81% of corporate breaches stem from compromised or weak passwords.

Supply Chain Risks are Often Overlooked

As the report affirms, supply chain risks continue to rise, with 30% of breaches in 2025 attributed to third-party involvement, according to Verizon. Despite this data, many companies still lack robust measures to identify and mitigate the cyber risks brought forth by external vendors, leaving significant gaps in their security frameworks.

Recovery Plans: A Critical Oversight

Moreover, CYE's findings reveal that about 50% of businesses do not possess a documented business continuity plan, causing disaster recovery strategies to appear as an afterthought within the broader cybersecurity framework.

The Path Forward: Proactive Cyber Hygiene

Dr. Nimrod Partush, VP of Data Innovation at CYE, stresses the need for organizations to establish and maintain basic cybersecurity practices before delving into more sophisticated security strategies. By first identifying key areas that require attention and addressing foundational concerns, companies can significantly mitigate cyber risks and be better equipped to deal with emerging threats.

As CYE aims to continue providing insights for organizations, there is a hopeful outlook for the upcoming reports reflecting on improved cyber maturity. Their commitment to identifying exposures and crafting strategic mitigation plans will remain invaluable in fostering a safer digital ecosystem.

For further insights and to download the full report, visit CYE’s official website at cyesec.com.