5 Key Takeaways from SAFE at the Gartner SRM Conference 2025 in London

High demand for risk quantification and third-party risk management

Standing room only at the SAFE event “Why Third-Party Breaches Keep Playing on Loop” with Jay Vinda (Global CISO at Mosaic Insurance), and SAFE’s Resha Chheda (VP-Product Marketing and Analyst Relations) and Saket Bajoria (Chief Product Officer).

By Daniel Cuffley

“We have thousands of Third Parties and only 5% visibility, we’re seeing airports disrupted, online stores closed, manufacturing halted with TP breaches…… Where do we start – and how do we get control of TP’s FAST!?!”

–A typical problem statement when meeting hundreds of CISO’s and risk practitioners this week.

Fresh off an electrifying three days at the Gartner Security & Risk Management (SRM) Summit 2025 in London, SAFE has made a seismic impact in Europe. We engaged with hundreds of CISOs, conducted countless demos, and showcased our groundbreaking autonomous platform for Cyber Risk Quantification (CRQ) and Third-Party Risk Management (TPRM). The energy was palpable, the conversations were insightful, and the momentum is undeniable. 

Here are the five critical learnings we took away from this transformative event:

1.  Risk Remains Poorly Defined in Cybersecurity

Despite years of progress, the cybersecurity industry still grapples with a fundamental issue: Risk is not consistently or clearly defined. 

“If we move from red to orange I don’t think anyone cares.”

–CISO at a large manufacturer

Conversations with CISOs revealed that organizations often lack a unified framework to quantify and articulate cyber risk in a way that resonates with business leaders. This ambiguity hinders strategic decision-making and resource allocation. At SAFE, we’re tackling this head-on with our AI-powered CRQ platform, which provides real-time, data-driven risk insights to bridge the gap between technical threats and business impact. The consensus at Gartner? A standardized, quantifiable approach to risk is no longer optional—it’s essential.

SAFE CEO Saket Modi’s keynote “Autonomy or Fallout,” on the future of TPRM.

2. TPRM Is a Top Priority, but It’s Disjointed and Broken

“We have an outside-in tool, a questionnaire tool, a team calling vendors begging to complete questionnaires, a team checking contracts, a team trying to co-ordinate it all make a guesstimate on risk – and a business demanding we don’t slow them down, whilst businesses are being hacked around us via Third Parties.”

–Utility industry CISO

Third-Party Risk Management (TPRM) emerged as a top concern for CISOs, yet many described their current processes as fragmented and ineffective. The reliance on manual assessments, outdated tools, and siloed workflows leaves organizations vulnerable to supply chain attacks and compliance gaps. 

Gartner analysts echoed this, noting that “most third-party cyber risk programs aren’t ready to meet the moment” and require optimization to handle growing complexities. SAFE’s autonomous TPRM solution, powered by 25+ specialized AI agents, was a revelation for attendees. By automating risk identification, prioritization, and remediation across vendors, we demonstrated how to streamline TPRM and reduce exposure without adding headcount.

3. CISOs Face Pressure to Translate Risk into Business Terms

CISOs are under more pressure than ever to move beyond technical jargon and communicate cyber risks in language that boards and executives understand. Gartner’s keynote emphasized that effective CISOs align security strategies with business objectives, framing cybersecurity as a driver of enterprise success rather than a cost center. Attendees shared that they’re increasingly expected to quantify risk in financial terms and demonstrate ROI on security investments. SAFE’s platform resonated here, offering CISOs tools to present clear, business-relevant metrics—like potential financial losses from cyber incidents—empowering them to secure buy-in from leadership.

Another driver for risk quantification: The NIS2 Directive introduces stringent cybersecurity risk management requirements for essential and important entities within the EU. By leveraging SAFE’s capabilities, organizations can effectively implement the necessary technical, operational, and organizational measures to manage cybersecurity risks, ensure business continuity, and fulfill reporting obligations. Read our NIS2 Whitepaper for details.

4. The Pace of Change and Innovation Amplifies Risk, Especially with AI

The rapid pace of technological innovation, particularly the rise of AI, is reshaping the risk landscape. Gartner sessions highlighted AI as both an opportunity and a threat, with CISOs needing to navigate new attack surfaces like agentic AI and model drift risks. Discussions around quantum computing and post-quantum cryptography further underscored the urgency of preparing for emerging threats. SAFE’s demos showcased how our platform proactively identifies and mitigates risks introduced by AI adoption, enabling organizations to innovate confidently while maintaining resilience. The message was clear: staying ahead of innovation-driven risks requires automated, real-time solutions.

5. AI Adoption Is Demanded but Requires First-Principles Thinking

AI adoption is no longer a choice—it’s a mandate. However, CISOs stressed that the “why” and “what” must come before the “how.” Many organizations are rushing to implement AI without clearly defining the problems they aim to solve or grounding their approach in first-principles thinking. Gartner analysts urged leaders to cultivate AI literacy and experiment with targeted use cases that deliver measurable outcomes. SAFE’s agentic AI platform stood out as a practical example, autonomously handling CRQ and TPRM to solve specific, high-impact problems. By focusing on clear problem definitions, we’re helping CISOs harness AI’s potential while avoiding the pitfalls of hype-driven adoption.

SAFE’s team in London

Looking Ahead from Gartner SRM Summit 2025: SAFE’s Impact in Europe

The Gartner SRM Summit 2025 was a milestone for SAFE as we solidified our presence in Europe. The overwhelming response to our platform—recognized as a leader in CRQ by Forrester and #1 in TPRM product capability by Liminal Research—validated our mission to transform cyber risk management. From engaging with CISOs to showcasing our AI-driven solutions, we left London inspired and energized to drive resilience and innovation across the region.

Want to see how SAFE can redefine your approach to cyber risk? Schedule your demo now. Let’s shape the future of cybersecurity together.