From 2024 to 2025, the general trend of around one-third of employees clicking on a simulated phishing link before training remained fairly consistent.

99% of organizations experienced security incidents linked to avoidable human error.

Many SAT programmes exist primarily to satisfy regulatory or insurance requirements.

95% of organizations see value in using AI to Conduct conversational coaching by leveraging LLMs.

Only 39% of business operations run on secured applications, according to CISOs.

In nearly half of software-based product companies, security oversight has moved outside the CISO’s office entirely.

Publicly disclosed ransomware victims climbed to 6,046. This represents a 24% increase year over year for publicly disclosed victims. The victim count has also more than doubled since 2023.

52 entirely new ransomware groups emerged in the last year.

EMEA continues to see the lowest regional attack rate globally at 0.6% of transactions, according to the LexisNexis® Identity Abuse Index.

A significant minority (37%) of manufacturing and automotive decision-makers foresee AI causing network costs to rise.

19% of manufacturing and automotive decision-makers think that AI has been overhyped in the short-term but foresee substantial mid- to long-term benefits.

69% of enterprise network decision-makers in the manufacturing and automotive sectors are comfortable with increased AI integration in their network operations.

First-party fraud is now the leading type globally, representing a third (36%) of all reported fraud in 2024. This is a significant increase for first-party fraud, which was up from 15% the year before (in 2023).

There were more than three billion brute-force automated account takeover attacks detected last year alone.

LATAM's attack rate is now lower than North America at 2.2%.

LATAM has seen a sustained decrease in its attack rate (1.6%) since the end of 2023.

Across different regions, the highest baseline PPPs were found in South America (39.1%), North America (37.1%), and Australia and New Zealand (36.8%).

96% of organizations see value in using AI to Create dynamic risk scores based on past user behaviour and the types of attacks targeting certain types of users.

After 12 months of security training, the global Phish-prone™ Percentage (PPP) dropped to 4.1%.

Across both sectors (manufacturing and automotive), 70% of respondents expect DDoS attack mitigation to be largely driven by AI (as opposed to humans) within four years.