97% of leaders agree that AI governance is mission-critical.

63% of organizations have investigated severe data leaks within the past 12 months where generative AI tools were a definitive contributing factor.

Phishing activity declined by approximately 20% year-over-year in both 2024 and 2025.

Services industry phishing hits surged 65.5% year-over-year from 330.9 million to 547.7 million hits.

95.2% of phishing activity is delivered over encrypted channels.

60% of organizations report the CISO has ultimate responsibility for OT cybersecurity, down from 69% in 2025.

81% of organizations plan to assign OT cybersecurity to the CISO within the next year, up from 80% in 2025.

Organizations' OT cybersecurity maturity ratings at Level 0 increased to 5%, up from 1% in 2025.

Organizations' OT cybersecurity maturity ratings at Level 1 increased to 17%, up from 5% in 2025.

Organizations' OT cybersecurity maturity ratings at Level 2 increased to 27%, up from 13% in 2025.

Organizations' OT cybersecurity maturity ratings at Level 4 fell to 17%, down from 49% in 2025.

Level 4 maturity for OT security solutions declined to 14%, down from 19% in 2025.

76% of organizations reported phishing as an intrusion.

50% of organizations reported ransomware intrusions, down from 54% in 2025.

There is a 20-point increase in organizations expecting new regulations within two to five years rather than beyond five years.

14% of organizations have full visibility into OT systems, up from 5% in 2025.

40% of organizations report their ICS systems are less than five years old, up from 20% in 2025.

18% of developers apply security continuously as they write code.

95% of CISOs feel pressure to suppress or delay compliance-related security issues when business deadlines are at stake.

Companies with 81–100% AI-generated production code ship software with known security vulnerabilities at a 47% rate compared with 14% for companies with 1–20% AI-generated production code, making them nearly three times more likely.