41% of respondents are in the process of simplifying their tech platform.

98% of organizations plan to expand their adoption of AI agents.

95% of software weaknesses are directly attributable to open-source code.

"Secure Creators" (organizations with more advanced cybersecurity functions than their peers) require smaller budgets — 10% smaller on average — and are less likely to cite budgets as a key challenge.

74% of respondents reported they invested savings from optimization, automation, and outsourcing to address control weakness.

46% of respondents used savings from optimization, automation, and outsourcing to increase coverage of the attack surface.

"Secure Creators" (organizations with more advanced cybersecurity functions than their peers) were more likely to have positively impacted how external stakeholders perceive their brand (72% vs. 56% of Prone Enterprises).

Nearly a third (29%) of teams still lack the tools and processes needed to analyze SBOMs for vulnerabilities.

Individual breached records surged by more than 186%, revealing sensitive information such as passwords, emails, and credit card details.

Generic scams accounted for 51% of reports submitted to the Norton Genie scam detector.

88% of manufacturers authorize remote third-party access to OT environments.

67% of manufacturers cited improved third-party collaboration as the top benefit of secure remote access.

55% of respondents say AI agents making decisions based on inaccurate or unverified data is a factor contributing to AI agents as a security risk.

For each initiative that involves cybersecurity, the median value creation figure is US$36m. This figure varies significantly by organization size, ranging from a median of US$11m per project for organizations with US$1b-US$4.9b in revenue, up to US$154m for companies with US$20b or more in annual revenue6.

"Secure Creators" (organizations with more advanced cybersecurity functions than their peers) were more likely to help other business functions implement AI than "Prone Enterprises" (48% vs. 31%).

Reports of phishing scams rose by a staggering 466% compared to the previous quarter.

Phishing now makes up nearly 32% of all scam submissions to the Norton Genie scam detector platform.

35% of security professionals said data security and privacy risks was the most pressing or high-stakes issue AI creates for organizations today.

"Secure Creators" (organizations with more advanced cybersecurity functions than their peers) were more involved in efforts to improve customer experience than their peers (53% vs. 42%).

Almost all (88%) of respondents reported that AI has the potential to critically or significantly enhance software supply chain security visibility.