63% of decision makers said that taking a more proactive approch to security was a security priority over the next 12 months.

58% of decision makers said that improving the overall security posture related to internal threats was a security priority over the next 12 months.

65% of organizations use IAM systems.

60% of organizations use vulnerability management tools.

56% of leaders lack a full view of risks and vulnerabilities within business systems.

13% of employees say they’ve sold or know someone who has sold company login details – often under the belief it’s harmless

8% of organizations expose UPnP on the public internet.

Organizations with over 5,000 employees manage more than twice as many external assets as organizations with 1,000–5,000 employees.

50% of small business owners say financial institutions are "very responsible" for preventing and protecting against fraud.

43% of affected small businesses say fraud makes it harder to accept payments.

65% of organizations report challenges with shadow AI.

Only 40% of organizations have a formal AI governance framework in place.

One in three large organizations lack a formal AI governance framework.

63% of law firm decision-makers report a significant email-based security breach in the past 12 months.

83% of law firm clients say a firm's technology sophistication affects their confidence.

57% of law firms reported a mobile-related breach.

78% of security leaders report high confidence in their defenses, even though security teams score as low as 30% in Defensive Security Readiness exercises.

73% of organizations are using AI agents in their Security Operations Center at a moderate to high level.

72% of organizations do not detect credential misuse in real time, often taking hours or sometimes days or weeks to identify unauthorized privileged access.

51% of U.S. cybersecurity decision-makers identify AI-related Non-Human Identity management and security as a top identity governance gap.