CYE Releases 2025 Cybersecurity Maturity Report Confirming that More Cybersecurity Spending Does Not Equate to Safer Businesses

Global report finds that although cybersecurity maturity is improving globally as a whole, many organizations lack full awareness of their assets and exposures.

HERZLIYA, Israel, June 25, 2025 /PRNewswire/ -- CYE, a leader in cyber exposure management, today released its 2025 Cybersecurity Maturity Report, a comprehensive industry data report. It is based on in-depth analysis of hundreds of data points from Hyver, CYE's SaaS platform, and security assessments spanning 17 countries and 15 industries. Evaluating cybersecurity performance mapped by Hyver in this study across NIST CSF 2.0's six functions, the data reveals how cyber maturity is shifting, and the areas to focus on in order to drive organizations' cyber resilience.

According to Gartner, cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion in 2024 to $212 billion. Despite this proliferated investment, CYE's analysis shows that organizations still struggle to keep up with the growing complexity of risks, tools, and compliance demands. New technologies like GenAI have introduced both opportunity and cyber exposure, while attackers have become more agile, persistent, and well-funded. As a result, security incidents remain a major source of disruption and loss across industries. Therefore, improving cybersecurity maturity has never been more critical to determine the action plan towards improving cyber resilience.

"Since the release of our first Cybersecurity Maturity Report in 2023, the threat landscape has continued to evolve at a relentless pace and we are unfortunately seeing the same mistakes being made year after year," said Reuven Aronashvili, founder and CEO of CYE. "This report should serve as a wakeup call that we're never done when it comes to cyber resilience. Resilience should be a continuous cycle with clear visibility of the organization's specific attack surface in context of the imminent cyber threats and vulnerabilities that are most likely to be exploited by attackers within the entire organizational environment."

Building on CYE's previous findings, this year's report provides an updated view of global cybersecurity maturity. The report sheds light on how organizations' cybersecurity maturity differs across countries, sectors, and size, with CYE's recommendations and best practices to continuously improve cyber resilience. Key findings observed in the report include:

• Organizations Can't Protect What They Don't See: The top findings reveal that many organizations lack full awareness of their assets and exposures. For instance, according to Vanta, over 75% of companies admit to poor visibility into IT assets, and that directly translates into higher security risks.
• Big Budgets Help, But Smart Strategy Matters More: Countries like Japan and Norway yet again achieved higher cyber readiness than larger nations like the US or UK, underscoring that well-coordinated national strategies and investments in planning can yield better incident response outcomes than budget alone.
• Basic Cyber Hygiene Practices Are Still Broken: Many of the most critical findings in this year's report—weak password policies, unpatched systems, etc.—are foundational issues. In fact, CYE's Cost of Breach dataset found an estimated 81% of corporate breaches are linked to stolen or weak passwords.
• Widespread Gaps in Supply Chain Risk Management: In 2025, Verizon reported that third-party involvement in breaches doubled to 30%. Yet, many companies still lack formal methods to identify and manage cyber risks posed by external vendors and suppliers, leaving a significant blind spot in their overall cybersecurity strategy.
• Recovery is Still an Afterthought: Half (50%) of businesses still do not have a documented business continuity plan (BCP) in place and disaster recovery plans remain a weakness.

"Establishing and updating basic cyber hygiene is crucial before pursuing advanced security measures," said Dr. Nimrod Partush, VP of Data & Innovation at CYE. "Regardless of the level of maturity, assessing and developing your cyber resilience starts with identifying your areas of focus and addressing the foundations to reduce cyber exposures with actionable intelligence, as attackers will inevitably exploit any unrecognized and unprotected weaknesses. Our research and analysis from world-class data scientists aim to provide insights for organizations to continuously manage those exposures so we will hopefully see improvements in our next Maturity Report."

Click here to download the full report.

About CYE
CYE's exposure management platform, Hyver, transforms the way security teams protect their organizations. With CRQ at its core, the platform reveals enterprises' exposure in financial terms, identifies the most exploitable attack routes to critical business assets, and creates mitigation plans tailored to each business. CYE's customized reporting enables the sharing of vital board-level metrics and validating exposure reduction over time. In addition, CYE improves cybersecurity maturity by mapping weaknesses and defining targets based on industry frameworks. Founded in 2012 in Israel with operations around the world, CYE has served hundreds of organizations across industries globally. Visit us at cyesec.com.

Media Contact:
Katie Brookes
Brookes@merrittgrp.com
732-284-7002

View original content:https://www.prnewswire.com/news-releases/cye-releases-2025-cybersecurity-maturity-report-confirming-that-more-cybersecurity-spending-does-not-equate-to-safer-businesses-302490833.html

SOURCE CYE