1,732 data compromises were reported in the first half of 2025. This is about 5% ahead of H1 2024 in terms of compromises. It is also more reported compromises than at the halfway point in 2023, which was the previous high-water mark for data compromises.

H1 2025 compromises resulted in a little more than 165.7 million breach notices.

The number of victim notices through June 2025 is only 12% of the total for 2024. This is because there haven't been the same level of mega-breaches affecting hundreds of millions of people as seen last year.

37% of financial services organizations are dealing with higher costs passed on by ICT vendors as a consequence of DORA.

22% of financial services organizations believe the volume of digital regulation is becoming a barrier to innovation or competition.

60% of IT and security decision-makers warn that a lack of collaboration between procurement, IT, and security puts their organization at risk.

Nearly 30% of fraud leaders and enterprise customers surveyed reported having no reliable way to measure fraud across their systems.

94% of organizations are clear on the steps they need to take for DORA compliance.

40% of organizations call DORA a current "top digital resilience priority".

Attackers exploit new application vulnerabilities in just 5 days.

More than half (51%) of IT and security decision-makers cannot confirm if a printer has been tampered with in the factory or in transit once it arrives.

24% of financial services organizations have not identified a DORA implementation lead (a DORA requirement).

1 in 12 employees, or 7.95%, used at least one Chinese GenAI tool at work.

80.6% of the top 20 clicked links originated from internally-themed simulations.

Among the 1,059 users who engaged with Chinese GenAI tools, there were 535 incidents of sensitive data exposure.

36% of IT and security decision-makers apply firmware updates promptly during the Ongoing Management stage.

The average application is exposed to 81 confirmed, viable attacks each month that evade other defences

41% of senior IT decision makers at financial services report increased stress and pressure on IT and security teams due to DORA.

21% of financial services organizations have not ensured backup integrity and secure data recovery (a DORA requirement).

86% of IT and security decision-makers say data security is a barrier to printer reuse, resale, or recycling.