Top 5 industries by cloud‑asset vulnerability: Professional Services: 25.0%, Retail: 23.3%, Government: 18.4%, Education: 17.6%, Media: 13.8%.

In one analysis, retail had 30.9% vulnerable web applications.

73% of respondents say they already work with an MSP.

In one analysis, finance had 5% of vulnerable assets across cloud, APIs, and web applications.

Nearly one in 10 (7%) of those surveyed did not know which data sets to encrypt.

Only 4% of organizations are now using encryption specifically to protect against ransomware in 2025. This is a decrease from 12% in 2024.

In one analysis, education had 17.6% vulnerable cloud assets.

In one analysis, the services sector had 10.6% vulnerable APIs.

There has been a 33% increase in SaaS-related security incidents over 2024.

In one analysis, retail had 23.3% vulnerable cloud assets.

Nearly one-third of respondents say they need a dedicated SaaS Security Posture Management (SSPM) solution.

In one analysis, construction had 18% of vulnerable assets across cloud, APIs, and web applications.

20.8% of all APIs analyzed are vulnerable.

Just 13% of respondents currently use a dedicated SaaS Security Posture Management (SSPM) solution.

41% of SaaS incidents stemmed from permission issues.

96% of respondents either already work with an MSP or are evaluating/considering collaboration with an MSP.

51% of organisations turn to MSPs to evolve their security strategies as the business expands.

Just under half (48%) of organisations say they rely on MSPs for around-the-clock security coverage.

61% of organisations with 50 to 100 employees depend on MSPs for security support.

IT security decision makers have prioritised encryption of USB sticks (53%) and portable hard drives (52%).