SMBs represent 99% of all U.S. businesses.

A single SMB breach can exceed $4.91 million when downtime and recovery are included.

More than 7,000 ransomware incidents were reported globally in 2025.

64% of desk-based workers who use email or chat say an AI-generated message could likely impersonate someone they work with.

90% of enterprises have validated bulk recovery, demonstrating maturity in disaster recovery preparedness.

90% of restores are single-file downloads.

Identity systems are tested four times less often than productivity systems in disaster recovery preparadness.

52% of organizations use workload identities for AI agents, 43% rely on shared service accounts, and 31% allow agents to operate under human user identities.

Average incidents per enterprise in Canada increased from 191 to 342 year-over-year.

Across all industries, 30% of connected devices lack encryption.

73% of enterprises say AI-assisted development is increasing software velocity beyond the pace security teams can review.

46% of security teams at enterprises spend significant time triaging vulnerabilities that ultimately do not matter.

78% of enterprises are piloting or deploying agentic AI systems capable of taking autonomous action.

73% of enterprises report extensive AI usage in their development processes.

11% of digital trust professionals say humans intervene in AI decision-making only when alerted to potential issues.

Global median dwell time was 14 days, up from 11 days.

Nearly 60% of enterprises believe AI-driven networks require a fundamentally different security architecture than traditional networks.

Prior compromise was the top initial infection vector in ransomware operations at 30%, up from 15% in 2024.

Highly interactive voice phishing accounted for 11% of intrusions, making it the second-most common initial infection vector.

The high tech sector accounted for 17% of incidents.