Special From CYRISMA

In this month's newsletter, we bring you some key findings from two recently-released industry reports ' PwC's 2025 Global Digital Insights Survey and Microsoft's 2025 Digital Defense Report.

We also have some great news from CYRISMA about a successfully concluded funding round; and information about our booth at IT Nation Connect in Orlando next month.

Continuing with our effort to release more educational content on cybersecurity compliance for our partners, we published a Whitepaper on GRC for Cybersecurity Professionals this month, which is available for download here.

PwC's 2025 Global Digital Insights Survey: Key Findings

PwC's '2025 Global Digital Trust Insights Survey' report is out, with interesting findings on how business and technology leaders across 77 countries are approaching cybersecurity.
Cloud-related threats: C-suite executives are most concerned about cloud-related threats in the coming year, and also feel least prepared to deal with these
Compliance Challenges: 46% CISOs are not confident about meeting data protection compliance requirements, and 49% feel unprepared for cyber resilience compliance.
Cyber Risk Quantification: Only 15% organizations are quantifying cyber risk to a significant extent, even while the vast majority agree that it's crucial to make informed strategic decisions.
Cybersecurity as a Competitive Advantage: Organisations are increasingly viewing cybersecurity as a key differentiator for a competitive advantage, with 57% saying that cyber resilience helps with building customer trust.
The Role of the CISO: Fewer than half the CISOs in the organizations surveyed are involved in strategic planning for cyber investments and board reporting.
Cyber Resilience Gaps: Only 2% organizations have implemented cyber resilience actions across departments and functions.

Download Report

Microsoft released its 2025 Digital Defense Report in October

Top threats and attack trends from July 2023 to June 2024

Education and Research Second Most Targeted after IT: Education and Research became the second-most targeted sector by nation-state threat actors.

Increased Ransomware Encounters; Fewer Reach Encryption Stage: A 2.75x year-over-year increase in human-operated ransomware-linked encounters was observed. At the same time, the percentage of organizations that reach the encryption stage has decreased more than threefold over the past two years.

Rise in 'Tech Scams': Tech scams surged 400% from 2021 to 2023. These scams often involve impersonating legitimate services or using fake tech support and ads to trick users into revealing sensitive information.

Identity-Related Attacks: Password-based attacks are most prevalent (99 percent of identity attacks), with Microsoft blocking 7,000 per second.

Evolving DDoS Attacks: Application-layer DDoS attacks became more common, posing greater risks to business availability. These attacks are stealthier, more sophisticated, and harder to mitigate than network-level attacks.

Cyber Defense Approaches to Consider

For defenders looking for effective approaches to stopping threats, the report emphasized on the 'Hierarchy of Cybersecurity Needs' and MFA as a quick win for all. 'Since password-only authentication configurations result in more than 99% of identity compromises, MFA can vastly reduce this risk.'

Secure by Default: The report also advocates for a 'secure by default' approach representing a mindset shift for security professionals. 'Instead of dialing up security to where it's 'safe,' we must start at the maximum level of security possible, then dial back as necessary,' say the authors.

Stronger Data Governance for Secure GenAI: Microsoft also talks about the need to implement sufficient data governance measures and increased awareness about secure GenAI-use to reduce the data privacy and data integrity risks associated with AI.

Attack Path Analysis and Critical Asset Management: One important lesson for security leaders is to think in graphs instead of lists and identify attack paths leading to the organization's most critical assets and data. This can be accomplished with detailed asset inventories, vulnerability data, and insight into external attack surfaces. Adopting a single pane of glass for 'a single view covering cloud assets, on-prem devices, data, identities, applications, network, and the Internet of Things (IOT)' is critical to visibility and effective defense.

Download Report

CYRISMA Secures $7M in Series A Funding Led by Blueprint Equity

CYRISMA has successfully concluded its Series A funding round, raising $7M. Led by Blueprint Equity, with participation from SaaS Venture and Golden Ventures, the funding will accelerate our platform development, fuel customer success, and expand sales and marketing initiatives. Commenting on the financing, CYRISMA Co-Founder and CPO Liam Downward said, 'In partnering with Blueprint Equity, we are excited to leverage their expertise and resources to further enhance our platform and support our customers. This investment will allow us to continue delivering an affordable and comprehensive risk management solution, empowering MSPs to protect their clients effectively.'

Read more

CYRISMA will be at IT Nation Connect from November 6-8, 2024

CYRISMA will be IT Nation Connect in Orlando, Florida, from November 6th to 8th. Stop by booth 360 for a quick chat about expanding your service offerings; selling more easily with financial impact data; and growing ARR with CYRISMA.

About the Event

About CYRISMA

CYRISMA combines multiple cyber risk management and compliance tools in a single, easy-to-use, and easy-to-sell SaaS platform, enabling MSPs and MSSPs to expand their cybersecurity services while reducing complexity and costs.

Platform features include Network Discovery, Vulnerability Scanning and Patch Management, Sensitive Data Discovery (on-prem and in the cloud), Compliance Assessment and Reporting, Cyber Risk Quantification, Dark Web Monitoring and much more!

The best part? All-inclusive pricing!

Watch a three-minute demo