Document Detail

2025 Annual Risk Assessment

2025 Annual Risk Assessment — Executive Summary

This document presents the findings of the 2025 annual enterprise risk assessment conducted in accordance with ISO 31000 and the NIST Cybersecurity Framework. The assessment evaluated 47 risk scenarios across five domains: cybersecurity, regulatory compliance, operational resilience, third-party management, and strategic risk.

Risk #1: Third-party data processors operating outside the European Economic Area without adequate Standard Contractual Clauses (SCCs) represent a high-likelihood compliance risk under GDPR Articles 44-49. Remediation: Complete SCC audit for all sub-processors by Q2 2025.

Risk #2: Ransomware attacks targeting centralised document repositories remain a medium-likelihood but critical-impact threat, with estimated recovery costs exceeding $2.5 million per incident. Remediation: Implement immutable backup infrastructure and conduct quarterly tabletop exercises.

Risk #3: Employee credential phishing is rated high likelihood based on a 12% click-through rate observed in the most recent simulation campaign.

Intelligence

Title: 2025 Annual Risk Assessment
Type: PDF
Pages: 18
Words: 14,200
Collection: Compliance
Chunks: 36
Embedding model: text-embedding-3-large
Total queries: 91
Uploaded: Jan 19
Last queried: 6h ago