Ransomware activity is most heavily concentrated in the GCC, which accounted for over 100 reported incidents in 2025.

Public IAB listings declined 27% shifting high-value deals into private channels.

Financial services (68.45%) was the top industry targeted by phishing attacks globally in 2025.

48.1% of organizations have experienced Multi-Factor Authentication (MFA) fatigue attacks

Only 3.8% of companies made it through the last year without a significant identity-related incident

Over 54% of security leaders cite unchecked growth of permissions as their top hurdle

33.1% of organizations consider non-human identities to be a material risk

42.1% of organizations identify Mean Time to Detection as a top priority for improvement over the next year

39.1% of organizations report Service Account abuse

37.5% of organizations report Lateral Movement

68.4% of organizations are using AI only in narrow use cases rather than AI-native tools and workflows

47.1% of security leaders distrust automated results

41.2% of security teams cite insufficient auditability as a barrier to automation

45.9% of organizations cite data quality and schema issues as a barrier to automation

52.6% of organizations cite skill gaps and lack of expertise as a barrier to automation

False alerts are a leading stressor for security teams (94%).

Tool fatigue is a leading stressor for security teams (79%).

92% of CISOs say that improving threat detection and response capabilities is a top priority.

68% of CISOs prioritize investing in AI cybersecurity capabilities.

92% of CISOs say AI enables their teams to review more security events.