The government sector was the second most targeted industry in March, averaging 2,582 weekly attacks, reflecting a 12% year-over-year decrease.

Hospitality, Travel & Recreation recorded a 30% year-over-year increase in attacks in March 2026.

Latin America recorded the highest attack volume globally in March 2026, averaging 3,054 weekly attacks per organization, alongside a 9% year-over-year increase. It was the only region to experience growth compared to February.

1 in every 28 GenAI prompts posed a high risk of sensitive data leakage in March 2026 and 91% of organizations using GenAI tools regularly were impacted by this risk.

29% of MSPs who reported BYOD-related security incidents report lost or stolen devices as a cause

55% of MSPs report at least one BYOD-related security incident in the past 24 months

42% of MSPs who reported BYOD-related security incidents report email or messaging compromise, primarily phishing

DDoS campaigns now combine 50+ attack vectors and adapt in real time.

Six-second pulse DDoS attacks eliminate the window for reactive intervention.

In 2025, 92% of npm account takeovers occur.

81% of organizations name OSS malware a top security priority.

85% of organizations have integrated AI into core operations or multiple functions.

25% of organizations have comprehensive visibility into employee AI use.

82% of organizations report an increase in AI-enabled attacks over the past year.

71% of people use an ad blocker, up from 69%.

63% of people feel resigned that their data is already out there, down from 74% last year.

90% of people are worried about AI using their data without consent.

Of the 7 million credentials indexed with identifiable authorization URLs, 63.2% were tied to authentication systems.

Average raw alerts per organization are 865,398, a 52% increase from 569,354.

High Business Priority is the most frequent risk-elevating factor at 27.76%, followed by PII Processing at 22.08% and CVSS High Severity at 20.55%.