In 2025, 52% (47) of the tracked zero-days were used to exploit end-user platforms and products.

71% of respondents expect negative business impact from attacks via Slack, Teams, Zoom, and similar platforms in 2026.

91% of organizations face obstacles ensuring employee compliance.

44% of organizations are training employees to recognize AI-driven exploitation.

41% of organizations have created specific AI usage policies.

Four out of five U.S. school districts (80%) believe AI is increasing their cybersecurity risk.

In 2025, 52% of U.S. school districts experienced a cybersecurity incident, up from 36% in 2024 and 31% in 2023.

Vendor-related cybersecurity incidents among schools districts rose from 4% in 2023 to 32% in 2025.

Demand Deposit Account (DDA) identity theft averaged above 10%, a new high for the industry.

Telecommunications identity theft averaged above 9%.

First-party fraud averaged just above 3% overall.

72.6% of successful AI attacks passed email authentication.

AI-generated emails reach the inbox more than half the time.

There was 55+ new synthetic media generators released in Q4 2025.

63% of TPRM programs operate with just one or two dedicated full-time employees.

13% of TPRM programs have no dedicated staff.

26% of the most mature TPRM programs report TPRM delivering high value across the organization.

67% of organizations with no TPRM processes view TPRM as little more than a compliance formality.

62% of healthcare leaders rate their organization's inability to protect unpatchable or agentless devices as a critical or significant limitation—the highest-rated limitation.

30% of healthcare leaders report poor visibility into device inventory as a key limitation.