Organizations are ‘rapidly prioritizing’ cyber risk oversight — Datos Insights report
In an era where cyber threats loom larger than ever, highly regulated organizations such as financial institutions (FIs) and insurers are increasingly elevating cyber risk oversight to the board level.
A new report from Datos Insights highlights this critical trend, finding that businesses who adopt integrated cyber governance, risk and compliance (GRC) frameworks are not only better equipped to manage risk but also more resilient and competitive.
According to the research, board and C-suite cyber GRC technology is now the second-largest planned cybersecurity investment for North American FIs in 2025, marking a major industry shift. With increasing regulatory pressures — such as the SEC’s 2023 cybersecurity risk management rules — and rising cyber threats, organizations can no longer afford fragmented governance, risk, and compliance (GRC) approaches.
You can read the full research paper, Cyber GRC: Elevating the Board in the New Age of Risk, here.
Key findings: Cyber risk at the board level
The Datos Insights study, which surveyed CISOs and cyber-risk leaders from 20 North American regulated firms, reveals that financial institutions are rapidly prioritizing board-level cyber risk oversight. Among the key findings:
- 57% of financial institution risk leaders rank improving cyber risk oversight at the board level as their top priority for 2025.
- 60% cite high resource impact on staff as the most severe pain point with current board-level cyber GRC solutions.
- Enterprise risk visibility and cyber risk quantification (CRQ) remain significant gaps, preventing many organizations from effectively assessing and mitigating cyber threats.
The challenge: Overcoming siloed and inefficient cyber GRC practices
Historically, cyber risk management has lagged behind other traditional GRC functions in maturity. While organizations have long-established frameworks for managing financial, operational and compliance risks, cyber risk remains a highly dynamic and evolving challenge. The rise of remote work, digitalization and third-party dependencies has only compounded the complexity.
Without an integrated cyber GRC platform, many financial institutions struggle with:
- Siloed data and inconsistent reporting, making it difficult to track and respond to risks in real time.
- Lack of board-level cyber expertise, limiting the effectiveness of oversight and governance.
- Regulatory pressure, with frameworks like NIST CSF and SEC regulations demanding greater transparency and incident disclosure.
Diligent One Platform: A solution for the evolving cyber GRC landscape
As organizations work to modernize their cyber strategies, the Diligent One Platform has been recognized as a leading GRC solution. By providing real-time insights into cyber risks, automating compliance workflows and streamlining board reporting, Diligent One helps boards and C-suite leaders stay ahead of evolving cyber threats.
Key capabilities include:
- Integrated dashboards and AI-driven insights, enhancing board-level risk visibility.
- Automated compliance tracking, streamlining regulatory reporting and disclosures.
- Enterprise-wide risk quantification, enabling leaders to measure and mitigate cyber threats effectively.
What’s next for cyber GRC?
As CROs, CISOs and general counsels increasingly work in partnership with boards on cyber risk and compliance oversight, organizations must rethink how they govern, manage and respond to cyber risk. As regulatory scrutiny intensifies and cyber threats grow more sophisticated, the ability to demonstrate cyber resilience will become a defining factor for financial institutions.
For those still relying on disconnected cyber risk management tools, the Datos Insights report serves as a clear warning: unified cyber GRC is no longer optional — it’s a competitive necessity.
Want to dive deeper? Download the full Datos Insights report to learn how leading organizations are transforming board-level cyber risk oversight.
More to explore
The Cyber Leadership Playbook
Learn how to bridge the gaps between cybersecurity, legal and board leadership for smarter cyber risk management & governance. Download the guide today.
Cybersecurity governance: The board’s secret weapon for unlocking shareholder value
Discover how effective board oversight in cybersecurity drives resilience, boosts shareholder value, and safeguards long-term organizational success.
Outsmarting cyber risk: An exclusive look at the future of cybersecurity
Read our infographic for key insights from The Diligent Cyber Risk Virtual Summit.
