75% of organizations knowingly deploy vulnerable code at some point.

More than 80% of developers do not apply application security continuously as code is written.

Within one year, the share of organizations knowingly shipping vulnerable code decreases from 81% to 75%.

Within one year, the proportion of companies with formal AI governance policies increases from 18% to 22%.

93% of organizations acknowledge a recent breach tied to their own applications.

73% of organizations describe their security posture as 'advanced' or 'highly mature'.

78% of organizations lack formal AI governance policies.

More than 30% of US organizations report experiencing a major AI-related security incident in the past 12 months.

Nearly 70% of US CISOs and senior security leaders say they are actively following AI-related regulations or standards.

85% of IT professionals report having AI policies or oversight mechanisms in place.

56% of organizations now deploy AI broadly across multiple IT workflows or at business‑critical scale.

2% of organizations report no AI use at all.

Nearly 72% of IT organizations have created dedicated AI roles or teams, and another 13% plan to do so.

45% of IT professionals plan to use AI to automate patch deployment within the next 24 months.

42% of IT professionals say accountability for AI decisions is clear.

24% of IT professionals say AI policies are followed very consistently in day‑to‑day work.

68% of IT professionals have personally seen AI generate hallucinations with potential operational impact.

Nearly a quarter of IT professionals cite data challenges as the biggest barrier to AI deployment.

Nearly a third of the most mature IT organizations are still operating without fully embedded governance.

Direct ransomware attacks on financial institutions spiked 76% year-over-year in Q1 2026.