433 million people are publicly disclosed as impacted by third-party breaches.

Average downstream breach victims per vendor increased from 2.46 in 2021 to 5.28 in 2025.

Every breached vendor now compromises an average of 5.28 downstream companies.

An estimated 26,000 shadow victims remain impacted by vendor breach cascades but are never officially named.

40% of organizations in industrial sectors cite cybersecurity concerns as a top obstacle to AI adoption.

OSs, including both desktop and mobile, were the most exploited product category in 2025, accounting for 44% (39) of all zero-days.

Browsers accounted for less than 10% of 2025 zero-day exploitation.

96% of organizations admit they have incomplete protection against human risk.

59% of respondents lack confidence they can quickly locate communications data for regulatory or legal requirements.

36% of organizations still relying on manual monitoring of communications data.

23% of organizations manage policies manually.

54% of U.S. school districts rate student identity theft or long-term harm as their number one concern.

58% of U.S. school districts have adopted new technologies to meet insurance requirements.

Nearly 40% of school district administrators are unsure if the new technologies they've adopted to meet insurance requirements actually make their students safer.

Only 11% of U.S. school districts have formal processes to vet AI use in edtech tools.

Identity theft rates peaked at 6.75% in the week of Christmas 2025.

Synthetic fraud rate dropped from roughly 67 basis points to 48 basis points, averaging 58 basis points.

Other consumer lending identity theft averaged 0.75%.

AI-generated spear phishing increased from 2.8% to 13.9% of total observed phishing in 2025.

31% of breached Microsoft 365 healthcare organizations were classified as High Risk.