Exploits against IoT devices increase from 16% to 19%, with IP cameras and NVRs the most frequent targets.

70% of senior leaders are losing sleep over the security of their critical data.

85% of hackers believe reporting critical vulnerabilities is more important than making money.

71% of exploited vulnerabilities are not in the CISA KEV catalog.

Two of the top 10 most exploited Autonomous Systems from 2024 drop off the top-10 list in 2025, while three new Autonomous Systems had not previously ranked in the top 500.

242 vulnerabilities are added to the CISA Known Exploited Vulnerabilities catalog, a 30% year-over-year increase, and 285 vulnerabilities are added to the Vedere Labs KEV, a 213% year-over-year increase.

48% of enterprise leaders are not fully confident they could demonstrate compliance with data protection regulations.

Only 52% of enterprise leaders feel very confident about the security of data travelling across their own networks.

Attacks using OT protocols surge by 84%, led by Modbus (57%), Ethernet/IP (22%), and BACnet (8%).

11% of leaders say they are aware of definite weak points when their data travels across third-party infrastructures.

32% of leaders do not know the locations of all of their data centers, rising to 49% when including third-party providers.

Discovery activity accounts for 91% of post-exploitation actions, up from 25% in 2023.

98% of hackers remain proud of their work.

81% of banks experienced at least one unauthorized network access incident in the past year.

32% of cybersecurity leaders report AI-related attacks.

Only 28% of leaders in France feel certain they meet regulatory requirements, compared to 60% in the UK.

Web applications are the most attacked service type at 61%, up from 41% in 2024; remote management protocols account for 15%.

Nearly a third of senior leaders admit "we know we should do more than we do" when it comes to critical data security.

61% of hackers find more critical vulnerabilities when working in teams.

Confidence in data security falls to 40% when data passes through third-party provider networks.