Among organizations where AI significantly expanded identities requiring access, breach rates reached 43% over the past twelve months. In contrast, where AI had not materially changed access patterns, breach rates were 11% over the past twelve months.

76% of organizations do not fully govern or monitor non-human identities.

Enterprise application exploitation surged 800% in 2025, making ERP, CRM, collaboration, and operational business platforms top targets.

76% of organizations cannot immediately revoke standing access when it is no longer needed.

Only 11% of organizations have operationalized AI governance through continuous enforcement and monitoring.

43% of senior security and IT leaders at U.S. enterprises with 500+ employees say they can assess the full blast radius of a compromised, high-privilege account within minutes.

Only 19% of organizations fully govern non-human identities.

Only 20% of organizations fully monitor employee use of shadow AI.

Only 23.5% of organizations can respond at the speed attackers move.

Nearly 63% of organizations require between one and three days to remediate identified risks.

Organizations with 500 to 999 employees reported a 40.3% breach rate, the highest of any size segment.

In North America, 12% of breached organizations reported losses above $250,000 in the past year.

73% of security leaders report their enterprise's cybersecurity training budget has increased over the past 12 months.

47% of security leaders at enterprises say AI is the most pressing skill their organization is addressing or planning to address through cybersecurity training.

In North America, 24% of breached organizations reported losses of at least $100,000 in the past year.

94% of security leaders at enterprises feel they are keeping up or are ahead of the curve in adapting training to emerging technologies and shifting security requirements.

86% of security leaders at enterprises say their training programs effectively address changing skills needs.

53% of cybersecurity leaders at enterprises cite time and scheduling constraints as the primary barrier to effective training.

44% of enterprises identify cloud computing security as a top training priority.

40% of enterprises identify risk assessment and management as a top training priority.