Nearly 44% of older Americans are unaware of phantom hacker scams.

51% of Americans aged 25 to 34 believe banks should always reimburse fraud victims.

One in three email messages is malicious or unwanted spam.

48% of malicious email activity is phishing.

34% of companies experience at least one account takeover incident every month.

More than 10% of HTML attachments are malicious.

9% of organizations expose SNMP on the public internet.

49% of organizations expose risky ports and services.

Retail firms average 10 days to remediate exposures.

Organizations reported an average of three separate identity-related incidents.

5% of organizations reported six or more identity-related breaches.

10% of organizations reported an identity breach that impacted their business in the last year.

When identity breaches impact business, the primary consequences are data theft (49%), ransomware (48%), and financial theft (47%).

Only 24% of organizations continually monitor for unusual login attempts.

14% of breached organizations cannot detect and stop their most significant identity attack before damage is done.

Energy, oil/gas, and utilities reported an 80% breach rate and federal/central government report a 78% breach rate, the highest across industries surveyed.

Organizations that find compliance requirements very challenging have a breach rate of 82.4%, which is 14 percentage points higher than organizations with lower compliance difficulty (68.3%).

Human error (employees tricked into providing credentials) was cited in nearly 43% of identity incidents.

Weak non-human identity (NHI) management was cited in 41% of identity incidents.

One-third of organizations regularly rotate or audit service accounts and non-human identities, while just 11% do so continuously.