43% of people have stopped using ChatGPT.

42% of people have stopped using Gemini.

37% of people have stopped using Facebook.

76% of people use multi-factor authentication, up from 69%.

82% of people opt out of data collection where possible, up from 75%.

In the past 12 months, 40% of organizations report inaccurate outputs from AI.

Each compromised device yielded an average of 87 stolen credentials.

276 million of the credentials indexed in 2025 included active session cookies.

The finance and technology sectors faced 211 and 179 of threat campaigns between January 1 and December 31, 2025.

Threat actors deployed more than 147,000 malicious domains, nearly 58,000 malware files, and actively exploited 549 vulnerabilities in 2025.

Web application attacks rose sharply, climbing 73% between 2023 and 2025.

In 2025, 28.65 million new hardcoded secrets were found in new public GitHub commits, a 34% increase from the previous year.

36% of CNI organisations reported increasing cyber budgets in response to an incident

43% of respondents from CNI organisations said data protection and privacy is the biggest security challenge in 2026.

Exploited high and critical severity vulnerabilities increased 105% from 71 in 2024 to 146 in 2025.

Valid accounts with missing or lax multi-factor authentication (MFA) accounted for 43.9% of all incident response investigations by Rapid7 in 2025, making it the single most common initial access vector.

Through 2027, manual AI compliance processes will expose 75% of regulated organizations to fines exceeding 5% of their global revenue.

By 2028, 70% of CISOs will use identity visibility and intelligence capabilities to shrink the IAM attack surface, reducing the risks of credential compromise.

79% of IT decision-makers state that AI-powered attacks pose a significant threat to their organization’s security.

66% of organizations report experiencing up to two cybersecurity breaches, a four-percent increase from last year.