85% of organizations agree that fragmented identity systems and tools impact or delay their ability to detect and respond to identity-related threats.

Since 2023, the share of organizations deploying patches within six days has nearly quadrupled, rising from 15% to 59%.

Organizations experience an average 3.4% drop in stock price following a downtime event.

Attackers exploited vulnerabilities an average of seven days before public disclosure in 2025.

87% of monitored client-facing mobile applications faced attacks in 2026, up from 55% in 2022.

Mobile application attack rates progressed in a five-step trajectory of 55% → 57% → 65% → 82.7% → 87% over the five-year period from 2022 to 2026.

45.6% of employees' personal AI activity flows through enterprise tools their company is paying for.

64.5% of activity on personal and free-tier AI accounts is business use rather than personal use.

Go To Market accounts for 17.5% of AI minutes and runs 39% of its AI activity on enterprise plans.

495 malicious AI models were identified on Hugging Face.

ShinyHunters vishing attack against an online automotive marketplace help desk exfiltrated 12.4 million user records (6.1 GB) in mid-February 2026

Q4 2025 automotive vulnerabilities mapped to 19 distinct TTPs in the Auto-ISAC Automotive Threat Matrix

Q4 2025 severity breakdown: 146 Medium, 54 High and 2 Critical automotive vulnerabilities

26% of organizations leave MySQL databases exposed to the internet.

Only 29% of organizations conduct continuous simulation testing.

51% of middle market companies rely on staff training for responsible AI use.

The average cost of downtime for organizations is $15,000 per minute.

18% of organizations have zero governance over their IDE or MCP servers inside developers' workflows.

19% of consumers report being scammed.

Hands-on-keyboard intrusions against financial institutions spiked 43% globally and 48% in North America over the past two years.