Device compromise attacks where attackers register their own hardware as a trusted factor, increased by 178%.

In 2025, 35% of Talos IR phishing cases involved internal phishing.

More than 90% of DDoS attacks last less than 10 minutes.

In 2025, security spending increased from 0.57% to 0.75% of revenue in the retail and hospitality industry.

Only 14% of previously compromised npm packages use modern security controls like Trusted Publishing.

VPN Common Vulnerabilities and Exposures (CVEs) grow 82.5% over the analyzed period.

Automated bots generate more than 36,000 vulnerability scans per second.

Bad bot traffic accounts for 37% of all global internet traffic.

SMBs account for nearly half of private sector employment.

Listings of stolen credentials linked to LummaC2 increased by 72% on underground marketplaces.

Distributed denial-of-service campaigns reached a peak of 31.4 Tbps.

63% of desk-based workers who use email or chat clicked a work-related link in the past year and later felt they should have double-checked it first.

68% of desk-based workers who use email or chat check work email or chat outside normal business hours at least sometimes.

56% of desk-based workers who use email or chat feel pressure to respond to work messages after normal business hours at least sometimes.

87% of IT leaders say offering passkeys is important

51% of organizations in Canada identify AI model monitoring, auditing and assurance tools as a priority.

97% of enterprise leaders expect a material AI-agent–driven security or fraud incident within 12 months.

49% of enterprise leaders anticipate a material AI-agent–driven security or fraud incident within six months.

78.5% of enterprises are already deploying AI-driven networks.

58% of US IT and security professionals at companies with at least 1,000 employees use immutable backup storage across all their data.