In December 2025, Japan had 18%, the UK had 16%, and the US had 12% of organizations classified as 'Exceptional' in AppSec maturity.

73% of organizations rely on informal judgment for executive security.

63% of respondents that prioritize SBOM validation say they're highly prepared to evaluate third-party software.

53% of organizations identified lenient identity and access management practices as a top challenge.

48% of New Yorkers stated they have been the victim of a cyberattack at least once.

Two-thirds of organizations report annual spending on CEO security below $10,000.

22% of organizations are 'not sure' how security costs should be treated for disclosure.

97% of organizations prioritize consolidating their cloud security footprint due to tool sprawl.

43% of SMBs report they experienced a cyberattack in the past 5 years.

30% of teams take more than a full day to resolve an incident due to disjointed workflows between cloud and SOC teams.

89% of organizations believe that cloud and application security must be fully integrated with the SOC.

60% of organizations that perform automatic continuous monitoring report remediating critical software vulnerabilities within a day.

Performance inefficiencies, such as excessive I/O, appear nearly 8 times more often in AI-generated code compared to human-written code.

Only 24% of organizations have adopted comprehensive strategies to secure AI-generated code.

API attacks increased by 41% due to the rise of agentic AI relying heavily on APIs.

44% of New Yorkers use unique passwords for all of their accounts, while 56% reported reusing passwords across multiple accounts.

Two-thirds of school IT leaders worldwide rated their cybersecurity maturity as moderate.

Over 90% of developers report using AI coding tools to enhance productivity and manage routine tasks.

74% of schools lack a dedicated cybersecurity specialist in 2025

89% of schools experienced at least one cyber incident in the past year, primarily phishing, unauthorized access, and malware.