10% of financial institutions still rely on spreadsheets, down from 13% in 2025.

60% of healthcare leaders flag their organization's inability to protect unpatchable or agentless devices as a critical or significant limitation.

Four authentication-related weaknesses appeared in every final codebase: insecure JWT verification and management; lack of application-level brute force protections; exposure to token replay attacks; and insecure defaults for refresh token cookie configurations.

Anthropic's Claude produced the highest number of unresolved high-severity vulnerabilities in the final applications.

51% of organizations cite differing risk tolerance as the leading cause of gaps in threat prioritization.

45% of IT professionals use AI to predict capacity and performance issues

More than 20% of Australians share login credentials for sensitive accounts such as email or banking.

The tendency to prioritise protecting work accounts over personal accounts reaches 66% for Gen Z, 65% for Millennials, and 35% for Gen X.

4 in 5 ClickFix payloads intercepted by Push were accessed via search engines as the result of malvertising or infected webpages.

The rate of browser tampering on desktop nearly doubled between 2024 and 2025.

Zero-day vulnerabilities are being mass exploited in as little as 24 hours after discovery.

44% of midmarket organizations describe a stack that is either outgrown or fragmented.

The United States was the most impacted country, accounting for 51% of all reported ransomware attacks.

17% of phishing cases involved voice-based social engineering (vishing).

68% of the enterprise environment remains untested, creating significant blind spots.

87% of organizations have moved beyond evaluation and are actively planning, piloting, or using agentic AI for penetration testing.

98% of senior corporate security leaders with an AI cybersecurity governance framework agree the framework is essential for ensuring the responsible use of AI.

SpyCloud identified 1.1 million password manager master passwords circulating in underground sources.

Autonomous agents account for more than 1 in 8 reported AI breaches.

31% of organizations do not know whether they experienced an AI security breach in the past 12 months.