Q4 2025 severity breakdown: 146 Medium, 54 High and 2 Critical automotive vulnerabilities

35% of law firms cite data privacy and security as AI-related concerns.

Only 29% of organizations are prioritizing sovereign AI in a concrete, near-term way.

423 financial services organizations appeared on dedicated leak sites, marking a 27% year-over-year increase.

26% of organizations leave MySQL databases exposed to the internet.

Only 29% of organizations conduct continuous simulation testing.

51% of middle market companies rely on staff training for responsible AI use.

The average cost of downtime for organizations is $15,000 per minute.

18% of organizations have zero governance over their IDE or MCP servers inside developers' workflows.

19% of consumers report being scammed.

More than 1 in 7 organizations expose API documentation to the internet.

48% of organizations report security concerns as the top barrier to AI adoption, up from 17% in 2024.

China hosted 42.3% of all tracked Cobalt Strike infrastructure, the US hosted 18.9%, and Hong Kong hosted 15.8%.

Across 2025, 7,918 victim postings were observed on ransomware group data-leak sites (DLS) across 129 distinct threat actors sourced from ransomware.

31% of breaches now start with software vulnerabilities.

48% of all breaches now involve ransomware.

96% of cybersecurity decision-makers globally cite disconnected or poorly integrated security tools as creating exploitable gaps.

PRESSURE CHOLLIMA conducted the largest financial theft ever reported: $1.46 billion in cryptocurrency via a trojanized supply chain compromise.

15% of organizations leave WordPress admin panels internet-facing.

85% of organizations agree that fragmented identity systems and tools impact or delay their ability to detect and respond to identity-related threats.