Certificate lifetimes are set to shorten to 200 days in 2026, 100 days in 2027, and 47 days by 2029.

The mean DNS resolution rate for phishing operators was 96.16%, indicating high availability and minimal downtime.

51.54% of the phishing infrastructure is directly hosted, while 48.46% is protected by CDN/proxy services.

67% of ransomware reports that provided the communication method indicated that threat actors communicated with their intended targets via messages sent over The Onion Router protocol.

95% of cybersecurity professionals reported that they have at least one skill need in 2025, marking a 5% increase from 2024.

49% of IT leaders globally either don't track AI usage at all or address AI on a reactive basis.

77% of payments leaders identify fraud and cybersecurity risks as the primary barriers preventing innovation within their organisations.

Let’s Encrypt, Google®, and Amazon® issued 66% of all analyzed SSL certificates.

Over the past four months, 20 distinct phishing clusters were identified based on shared infrastructure fingerprints.

In 2024, ransomware incidents reported to FinCEN decreased to 1,476 incidents, reflecting $734 million in the aggregate value of reported payments.

88% of cybersecurity professionals have experienced at least one significant cybersecurity consequence in their organizations due to a skills shortage.

73% of organizations report confidentiality with proven technical assurances as a benefit of Confidential Computing.

61% of IT leaders globally found unauthorized AI tools in their environments.

9% of IT leaders globally believe their organization has a 'highly effective' defense against AI-generated cyber threats.

68% of organizations report better regulatory compliance as a benefit of Confidential Computing.

71% of public cloud users are the most likely to implement Confidential Computing technology, compared to 45% of hybrid/distributed cloud users.

13% of organizations reported having strong visibility into how AI systems handle sensitive data.

76% of respondents reported that autonomous AI agents are the hardest systems to secure.

57% of organizations reported lacking the ability to block risky AI actions in real time.

In the last quarter, over 42,000 validated URLs and domains were identified as actively serving phishing kits, command-and-control infrastructure, or payload delivery.