77% of organisations experienced a cybersecurity incident in the past year.

In 2025, 52% of U.S. school districts experienced a cybersecurity incident, up from 36% in 2024 and 31% in 2023.

47.8% of surveyed enterprise open source users said their organization experienced a cybersecurity incident in the past 12 months.

Open source using organizations with 1,001–10,000 employees were more than twice as likely to report an incident compared to those with fewer than 100 employees.

Among the open-source users whose organizations reported a cybersecurity incident, 61.4% indicated that the incident occurred when a patch was available but had not been applied – a slight increase from 60.4% last year.

Among respondents who identified at least one affected technology, vulnerabilities tied to reported open source incidents were distributed across infrastructure and middleware (51.9%), software development frameworks and libraries (50.0%), and databases and data technologies (48.1%).

92.6% of open-source users reported that their organization was aware it was vulnerable before the cybersecurity incident occurred.

73% of companies rate the impact of cybersecurity incidents as severe or moderate.

39% of respondents reported experiencing a cybersecurity incident in the last year.