96% of respondents report that human identities operate with access far beyond what is required for their roles.

42% of the human workforce has direct access to organizational data.

84% of respondents believe their organization could at least moderately improve awareness of the permissions and access granted to connectors and service accounts.

56% of organizations report that they can’t effectively enforce continuous least privilege for service accounts across cloud, SaaS, and on-premises environments.

64% of organizations still report they are not yet prepared to defend against quantum-enabled threats.

86% agree that they will need external help to become quantum ready.

71% of organizations don’t fully automate certificate renewal and monitoring across all environments.

98% report challenges securing PKI.

Deployment of AI tools initially reduces performance by 10–20% before improvements are realized through repeated testing.

78% of security leaders report high confidence in their defenses, even though security teams score as low as 30% in Defensive Security Readiness exercises.

73% of organizations are using AI agents in their Security Operations Center at a moderate to high level.

49% of organizations include third-party applications in their current patching process.

More than 60% of organizations rely on manual processes in at least part of the patch lifecycle.

More than a third of organizations in the US report attempted cyber attacks occurring daily or even more frequently.

42% of organizations globally identify a lack of visibility into the AI tools employees use as a significant identity governance gap.

Downtime costs an organization $95 million in lost revenue annually, nearly double the level in 2024.

81% of technology leaders cite customer loss as a consequence of downtime.

Victims were given an average of 7.7 days to meet ransom demands in Q1 2026.

89% of tech leaders cite the need for large numbers of personnel to fix downtime issues.

Only 38% of technology executives consistently identify the root cause of a downtime incident.