Regulated data accounted for 54% of data policy violations linked to personal cloud applications in 2025.

In 2025, 98% of organizations reported spending between $1 and $5 million to recover from cyber incidents, with the average recovery cost per incident being $2.5 million.

66% of U.S. organizations say traditional privileged access reviews delay projects.

The top 25% of organizations experienced an average of 2,100 data policy violation incidents per month across 13% of their generative AI user base in 2025.

Approximately 3 million email addresses in the healthcare sector may be at risk of exposure to cyberattacks due to unverified email delivery practices.

Only 26% of organizations have fully documented and enforced AI governance policies in 2025.

76% of operations professionals say their organization relies on workarounds because their tools and processes can’t keep pace with changing business priorities.

1 in 5 organizations cite IAM skill shortages and complexity as major challenges.

46% are currently evaluating consolidation toward unified identity platforms.

46% of organizations identify emerging identity complexities as a top investment priority for 2026.

The number of organizations implementing real-time controls on data sent to personal applications increased from 70% to 77% from the previous year.

94% of global business leaders expect AI to be the most consequential force shaping cybersecurity in 2026.

65% of large companies cited third-party and supply chain risks as their greatest cyber resilience barrier in 2026, up from 54% in 2025.

In 2025, 55% of Chief Information Security Officers (CISOs) in the US and UK reported that their organization experienced a cyberattack, ransomware infection, compromise, or data breach that rendered mobile, remote, or hybrid endpoint devices inoperable.

9 in 10 organizations are piloting or using AI in identity and access management (IAM), yet only 7% have organization-wide deployment.

Organizations now manage machine identities at a ratio commonly exceeding 100:1, with some sectors approaching 500:1.

Only 12% of organizations have achieved comprehensive automated life cycle management for machine identities.

The number of users utilizing SaaS generative AI applications tripled in the average organization from October 2024 to October 2025.

In 2025, attacks leveraging generative AI were reported in 10% of phishing attacks.

In 2025, CAPTCHA was leveraged for added authenticity in 43% of phishing attacks.