31% of global business leaders reported low confidence in their nations' ability to respond to critical infrastructure attacks.

66% of U.S. organizations say traditional privileged access reviews delay projects.

The top 25% of organizations experienced an average of 2,100 data policy violation incidents per month across 13% of their generative AI user base in 2025.

Approximately 3 million email addresses in the healthcare sector may be at risk of exposure to cyberattacks due to unverified email delivery practices.

In 2025, the abuse of trusted, legitimate online platforms was noted in 10% of phishing attacks.

Only 26% of organizations have fully documented and enforced AI governance policies in 2025.

67% of CISOs stated they are the primary executive responsible for ensuring Cyber Resilience within their organization.

The number of organizations implementing real-time controls on data sent to personal applications increased from 70% to 77% from the previous year.

94% of global business leaders expect AI to be the most consequential force shaping cybersecurity in 2026.

65% of large companies cited third-party and supply chain risks as their greatest cyber resilience barrier in 2026, up from 54% in 2025.

In 2025, 98% of organizations reported spending between $1 and $5 million to recover from cyber incidents, with the average recovery cost per incident being $2.5 million.

1 in 5 organizations cite IAM skill shortages and complexity as major challenges.

9 in 10 organizations are piloting or using AI in identity and access management (IAM), yet only 7% have organization-wide deployment.

Only 12% of organizations have achieved comprehensive automated life cycle management for machine identities.

The number of users utilizing SaaS generative AI applications tripled in the average organization from October 2024 to October 2025.

In 2025, attacks leveraging generative AI were reported in 10% of phishing attacks.

In 2025, CAPTCHA was leveraged for added authenticity in 43% of phishing attacks.

In 2025, 'polymorphic' attacks that varied the email header, body, and destination were seen in 20% of phishing attacks.

76% of operations professionals say their organization relies on workarounds because their tools and processes can’t keep pace with changing business priorities.

46% are currently evaluating consolidation toward unified identity platforms.