Only 9% of midmarket organizations discuss cyber risk at board level.

The average number of weekly cyber attacks per organization reached 2,086, representing a 9.6% increase year over year.

Software supply chain compromises accounted for 3% of cybersecurity intrusions investigated.

45% of intrusions resulted in data theft without immediate extortion attempts at the time of the engagement

28% of intrusions investigated resulted in data theft that bore indications of extortion.

64% of organizations prefer an agent-led, human-oversight model combining machine scalability with a human safety net.

Currently, 23% of senior corporate security leaders say deep fake and impersonation defense is largely run with agentic AI; this rises to 42% in two years.

Successful phishing attacks have surged 400% year-over-year.

Thirty-four active malware families targeted 1,243 financial apps across 90 countries.

The United States had the highest concentration of targeted apps globally, with 162 banking applications under active targeting, up from 109 in 2023.

Over 80% of SaaS access is managed through static profiles.

One in four users (25%) rely on broad, difficult-to-audit static profile bundles for SaaS access.

Human workers never interact with 91% of the sensitive data available to them.

81% of incidents carried out by Iran-affiliated groups target organizations in the U.S. and Israel.

The median security team spends 20 minutes dismissing a single junk alert.

ChatGPT-User was the second most impersonated agent in early 2026.

Only 10% of organizations have achieved very high cyber maturity.

48% of businesses say the CEO now makes the final decision on cyber budgets.

43% of organizations report limited cyber literacy among executives.

Organizations face an average annual recovery cost and downtime of $2.2 million from cyber incidents.