63 percent believe quantum computing will speed up computational tasks or data analysis significantly.

There was a 16.7% rise worldwide year-over-year in active scanning.

76% of tech leaders have identified skills gaps within their teams. Among the specific areas where skills gaps are most notably reported, Cybersecurity and privacy accounts for 30%

72% of respondents continue to significantly or moderately use Security Orchestration, Automation, and Response (SOAR) to reduce cyber threats.

45% of executives say that cyber resilience is recognized as a whole company priority rather than simply a cybersecurity issue—an increase from 27% last year.

25% have no plans to migrate to PQC.

More than half (55 percent) of enterprises have not taken steps to prepare for quantum computing.

67% of organizations are now using risk and threat assessments to inform budget decisions. This is up from 53% in 2024.

The effectiveness of CSIRPs in minimizing the consequences of cybersecurity incidents increased from 50% of respondents in 2024 to 57% of respondents in 2025

57% of respondents report automation has reduced the time to respond to vulnerabilities.

There was a 50% increase year-over-year in the use of Trojans in attacks.

47% of email domains do not have Domain-based Message Authentication, Reporting and Conformance (DMARC) configured to protect against unauthorized use, including spoofing and impersonation attacks.

Vishing (voice-call phishing) tactics grew by 28%.

60.7% of the phishing simulations that were clicked mentioned an internal team.

Internal communications are a significant driver of phishing failures. Emails impersonating internal teams, particularly HR and IT, received the most failures in phishing simulations.

23% of HTML email attachments are malicious, making them the most weaponized text file type detected. More than three-quarters of the malicious files detected overall were HTML files.

68% of malicious PDF attachments contain QR codes designed to take users to phishing websites.

64% of organizations are growing their AppSec teams.

49.7% of clicked phishing simulations mentioned HR.

Regarding preferred methods for PQC migration and security measures, 17% plan to adopt full PQC implementation.