Almost half of the CISOs who rated their compliance programs a 1 or 2 attributed their difficulties to a lack of personnel or resources.

Only 34% of email incidents are formally reported.

Email was the primary method for delivering malware to endpoints, accounting for 52% of threats in Q3 2024. This represents a 9% decrease compared to Q2 2024.

The top three GDPR fines in 2024 include €310m ($326m) against LinkedIn by the Irish DPC for its processing of personal data in advertising practices, €290m ($324m) against Uber by the Dutch Data Protection Authority (AP) for storing driver data in the US without adequate safeguards, and €251m ($263m) against Meta by the Irish DPC for a 2018 data breach4.

Of the organisations that measure the operational cost of managing compliance, 10.1% track IT costs.

Keyboard walks such as ‘qwerty’ are weak passwords used by millions of end users.

Simple passwords like Pass@123 and P@ssw0rd, which meet basic Active Directory requirements, are frequently used, increasing the risk of password reuse.

79% of CISOs say KPIs for their security teams have changed substantially over recent years.

The list of the top 10 most blocked AI apps are: QuillBot (33%), Beautiful.ai (31%), AiCHatting (30%), Pixlr (28%), Tactiq (27%), Writesonic (27%), DeepAI (24%), ElevenLabs (24%), Craiyon (24%), and Poe AI (23%)

A significant minority of UK organisations, 20%, expect increases of over 50% in their cybersecurity budgets.

Only 11% of AI-powered APIs implemented robust security measures, such as bearer tokens with expiration times.

Wallarm's researchers tracked 439 AI-related CVEs, a 1,025% increase from the prior year. Nearly all (99%) were directly tied to APIs.

DLP adoption varies widely by industry, with the telecommunications sector leading all others at 64% DLP adoption for genAI.

61% track the number of employees who have completed privacy training.

78% of IT leaders in Germany admit that employee mistakes in outbound emails result in more significant data loss than malicious inbound attacks.

The ransomware-as-a-service actor FunkSec was the most active in December 2024, responsible for 103 attacks, which is about 18% of all recorded attacks for the month. Check Point reported that FunkSec claimed to have targeted 85 victims in December.

67% of IT leaders agree that outbound email security doesn’t get as much attention beyond compliance, but it is the silent security killer

There was a 58% month-on-month increase in attacks targeting Asia in December, rising from 58 attacks in November to 92.

21% of CISOs revealed they had been pressured not to report a compliance issue.

70% of IT leaders in Netherlands agree that outbound email security doesn’t get as much attention beyond compliance, but it is the silent security killer