8% of organizations leave phpMyAdmin internet-facing.

Mean recovery cost for identity-related incidents reached $1.64 million, with a median of $750,000, and 73% of affected organizations facing costs of $250,000 or more.

Across multiple identity-related breach categories, 90% of organizations report a successful identity-related breach in the last 12 months, with 83% seeing it happen at least twice, and 76% experiencing it three or more times.

Aggregate unplanned downtime costs for Global 2000 companies total $600 billion annually, representing a 50% increase in two years.

iOS applications faced an 86% attack rate in 2026, compared to an 89% attack rate for Android applications.

969 malicious AI agent skills were identified carrying high-impact payloads.

The most prevalent malware families observed in 2025 are Cobalt Strike, Sliver, Metasploit, Burp, PlugX, SuperShell C2, Havoc, Panda C2, Brute Ratel, and ShadowPad.

Less than 2.5% of the AI-assisted malware observations involved less- common techniques with one or fewer known malware examples.

US SELF DRIVE Act of 2026 requires the Secretary of Commerce to brief Congress on connected vehicle supply chain security within 180 days

ChargePoint Home Flex flaw (ZDI-26-197) allows unauthenticated network-adjacent remote code execution as root via OCPP message handling

Around 60% of automotive vendors had already adopted IDS at time of Automotive Cyber Security Connectivity and SDV Week 2025 survey

45% of digital trust professionals noted that AI risks are an immediate priority.

The most commonly outsourced cybersecurity services among middle market firms are cloud security management (50%), security awareness training (44%), security operations center services (43%), and risk and compliance management (41%).

97% of respondents reporting that tool fragmentation adds additional time to identity-related incidents, amounting to an average of 12 hours per incident.

Financial services applications faced a 91% attack rate in 2026, the highest recorded for any vertical.

74% of digital trust professionals cited privacy violations as an AI risk.

66% of decision makers said that protecting enterprise data at scale was a security priority over the next 12 months.

Legal and Governance departments account for 19.5% of all AI hours, with 81% of that use occurring on enterprise plans.

35% of decision makers said that protecting enterprise data at scale was a mission-critical security priority over the next 12 months.

64% of decision makers said that improving the overall security posture related to external threats was a security priority over the next 12 months.