January 2026 marks five years since the launch of the ORX Cyber, and in this blog, we look back on yet another extremely successful year for the service in 2025. From considerable subscriber growth to innovative new outputs based on subscriber feedback, we have continued to evolve the service and its activities to best support the Cyber Community.
100+
cyber risk professionals
30+
organisations
The key developments and highlights from 2025 are presented below, structured around the core pillars of the Cyber service, along with an overview of how we plan to continue this work in 2026. We also held a recorded Cyber Community Information Session in December, which shared highlights from 2025 and plans for 2026.
Network & community
We were delighted to welcome six new subscriber firms to ORX Cyber in 2025, reinforcing that cyber risk remains a key priority across the industry, and highlighting the value of bringing together a community of second line cyber risk managers. Representatives from our subscriber firms meet regularly as part of our working group to discuss topics of interest to the community and to facilitate peer to peer questions. Based on subscriber feedback, from January 2026, we have merged our two existing quarterly working groups into a single Cyber Working Group that will typically meet monthly, allowing us to be more responsive to emerging topics.
This year we also hosted our two in-person Cyber forums once again, bringing together almost 40 cyber risk professionals from 22 organisations to network, share experiences and generate ideas for the future of cyber risk management.
You can read our summary blogs for a full recap of the European event in June and the North American event in October, including discussions on key cyber risks, emerging technologies (such as AI and quantum computing), geopolitics and regulation, and third party cyber risk. We would love to see returning and new faces join us for the 2026 events, further details will be shared with the community soon, along with opportunities to suggest topics for discussion.
Research & practice
From a research perspective, ORX Cyber had an exceptional year, with a record number of publications. We are deeply grateful to the Cyber community for their valuable input into surveys, discussion calls, and other research work. Here we provide an overview of key publications, grouped by themes in our research throughout 2025, along with a preview of our priorities for 2026.
Emerging risks
During Q1, we saw the publication of our pilot Cyber Horizon 2025 study, which provided a much-needed expert view of the emerging cyber risk landscape in parallel to the ORX Operational Risk Horizon. Feedback on this study was very positive, proving to be a valuable resource for threat prioritisation and cyber scenario analysis, and it was agreed that the service would continue to run this study on an annual basis, with the 2026 edition coming soon.
The Cyber Horizon study highlighted the growing cyber risks posed by AI, which we further explored in discussions at the Cyber forums (linked above under Network & community).
We will continue to progress our understanding of this key risk driver with focused discussions in Q1 2026, including topics such as:
Third party cyber risk management
The 2025 Cyber Horizon study identified Third or nth party compromise as the top emerging cyber threat in both the short and long term. Firms reported that this threat is likely to materialise, and that exposure is increasing, driven by reliance on a complex ecosystem of suppliers and the increasing trend of attacks against them. In order to support our community with this risk, we carried out two pieces of work focused on third-party cyber risks.
We ran a snap survey collecting information on how organisations are assessing and mitigating third-party ransomware exposure, summarised in this blog. We also ran a broader study, updating and building on our 2021 study into supplier cyber risk management. Our 2025 Third Party Cyber Risk Oversight and Assessment study examines the role of cyber teams in the wider TPRM process and provides a detailed exploration of industry practice for third party cyber risk assessments.
Cyber risk management roles and responsibilities
In 2025, we published our latest report in a series exploring roles and responsibilities for cyber risk management. This latest report provides an updated view of the previous studies, and some new elements based on subscriber feedback, including an individual firm benchmark report providing a quick reference to where practice corresponds or differs from the wider industry.
In 2026, we plan to extend this work into a broader cyber risk management benchmarking exercise. Working in partnership with the Cyber community, we aim to establish the key elements for comparison, which may include:
Measuring cyber risk
Understanding and quantifying exposure to cyber risk remains a challenge for the industry, as highlighted by our previous work on cyber risk quantification. In 2025, we developed new resources to help support organisations in this goal, analysing and summarising data available to us from across ORX. This included a monthly round-up of publicly reported cyber-related operational risk events from our ORX News service, as well as two pilot data packs, providing a detailed overview of cyber data relating to malware and phishing events.
We will continue this topic in 2026 by exploring how the industry uses cyber metrics/KRIs, including how they feed into cyber risk appetite and board reporting.
Data & benchmarking
Throughout 2025, we focused on evolving our data and benchmarking exercises to ensure they are fit for the future and deliver maximum value to our subscribers, particularly with the upgrade of our secure data exchange platform at the end of 2025. The launch of the new platform, Agora, provides an opportunity to enhance our reporting, particularly for the Cyber Event Data Exchange, and so in mid-2025, we met with all subscribers to create a roadmap for the future of that exercise, which resulted in a refreshed quarterly information pack with additional views of the data of value to the community.
Perhaps the most notable development in 2025, however, was the release of individual line-by-line anonymised data for the first time in Q1. This allows ORX Cyber subscribers to conduct their own analysis of industry cyber event data. Throughout 2026, we will ask the community to share use cases of how they have used the data to help measure and manage cyber risk. Finally, we also made some improvements to our Controls & Indicators exercise, uplifting to NIST v2.0, and capturing new fields based on feedback from the community, with further enhancements planned in 2026.
Looking forward to 2026
We would once again like to thank the Cyber community for their valuable contributions – it has been an exceptional year, made possible by the individuals who contribute their time and insights to ORX Cyber. We plan to build on the considerable momentum from 2025 and use new tools and our expanded community to deliver an even more impactful programme of work in 2026.
ORX Cyber - supporting the 2LOD
About ORX Cyber
ORX Cyber supports second line practitioners with the intelligence they need to manage and measure cyber risk. Designed specifically to support financial organisations, ORX Cyber provides many benefits, including:
- Access to crucial cyber event insights through data exchange
- Collaboration and engagement with experts and your peers
- In-depth research helping you make informed decisions and improve practice
