82% of CISOs worry agentic AI will increase deployment speed and the complexity of persistence mechanisms.

Joint accountability drives the most value for key security initiatives (62%).

Joint accountability drives the most value for security budget and funding (55%).

Joint accountability drives the most value for access to security-relevant data (49%).

High alert volumes are a leading stressor for security teams (98%).

More than three quarters of CISOs are now worried about personal liability for security incidents, a sharp jump from last year when just over half expressed similar fears.

More than four out of five CISOs oversee secure software development (DevSecOps).

Lack of shared data views is a barrier to cross-departmental data sharing (70%).

Data privacy concerns are a top barrier to cross-departmental data sharing (91%).

Roughly one-third of 2025 ransomware CVEs lack public or commercial exploits as of January 2026

New vulnerabilities linked to named state-sponsored groups decreased by 13%.

The number of files per codebase grew by 74% year-over-year.

46.6% of organizations report Insider Access misuse

The financial cost of a cybersecurity incident for AI-first businesses exceeds the cost for non-AI-first businesses by more than 135%.

86% of CISOs fear agentic AI will increase the sophistication of social engineering attacks.

Nearly all CISOs now report that their responsibilities include AI governance and risk management.

44% of AI-first organizations report that AI was directly exploited in their most recent security incident, compared to 6% of non-AI-first organizations.

78.2% of security leaders believe they are able to secure and govern non-human identities

27% of SMBs experienced customer data breaches in the past 12 months.

64% of organizations report that AI scraping has become a material cost center, with average annual infrastructure impacts exceeding $348,000.