There has been a 67% increase in the number of organisations performing software composition analysis (SCA) on code repositories.

The number of organisations employing research groups to develop new attack methods has grown by 30%.

Cloud applications were the top target for phishing campaigns, representing more than a quarter of all phishing clicks at 27%.

A 22% rise in the number of organizations creating software bills of materials (SBOMs) for deployed software has been observed.

The number of vulnerable points in US electrical networks is increasing by approximately 60 per day.

77% of businesses highlight higher risks of core business process failures.

93% of oganizations believe AI must be fully integrated into orchestrated processes to maximize the return on investment and business value.

RansomHub was the most prominent R&DE collective in 2024. RansomHub accounted for approximately 10% of all R&DE incidents ZeroFox observed throughout the year and conducted at least 216 attacks during Q4 2024. In November 2024, RansomHub conducted at least 97 attacks.

61.6% of healthcare ransomware victims reported attacks to the HHS in 2024.

59% of employees say that they are worried that AI will make it harder for them to know if an incoming email or link is legitimate.

More than half of employees admit to making email mistakes at least once every few months, with 30% saying they make errors on an almost weekly basis

75% of organisations that have embraced security platformisation agree that better integration across security, hybrid cloud, AI, and other technology platforms is crucial.

52% of executives say complexity is the biggest impediment to their cybersecurity operations.

4 out of 5 non-platform organisations say their security operations cannot effectively deal with the sheer quantity of threats and attacks.

80% of platformisation adopters say they have full visibility into potential vulnerabilities and threats.

Most security.txt files were hosted on port 443 (46%), while 18% were on unsecured ports like 80 and another 18% were on pots like 8080 that are not as safe but can be configured manually to support the necessary encryption.

Ransomware groups Everest and Monti has 25% and 20.8%, respectively, of their victims in healthcare.

While IT leaders estimate that only 34% of outbound email incidents are formally reported, many employees handle mistakes informally—50% say they would notify the unintended recipient directly, while just 9% would report the incident to IT

For platformised organisations, mean time to identify (MTTI) security incidents is shorter by an average of 72 days.

38% of IT leaders say employees using unauthorised platforms is among the biggest security vulnerabilities in organizations